From b46478b0ba5b3845b62efc7af22413868115733a Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Thu, 2 Apr 2020 14:14:51 +0200
Subject: [PATCH] Add Full Cone NAT support

---
 build.sh | 10 +++++
 patches/fullconenat-luci.patch | 13 ++++++
 .../config/firewall/patches/fullconenat.patch | 40 +++++++++++++++++++
 3 files changed, 63 insertions(+)
 create mode 100644 patches/fullconenat-luci.patch
 create mode 100644 root/package/network/config/firewall/patches/fullconenat.patch

diff --git a/build.sh b/build.sh
index 3f06b9d0..450b58ef 100755
--- a/build.sh
+++ b/build.sh
@@ -228,6 +228,16 @@ echo "Update feeds index"
 cp .config .config.keep
 scripts/feeds clean
 scripts/feeds update -a
+
+cd -
+echo "Checking if fullconenat-luci patch is set or not"
+if ! patch -Rf -N -p1 -s --dry-run < patches/fullconenat-luci.patch; then
+ echo "apply..."
+ patch -N -p1 -s < patches/fullconenat-luci.patch
+fi
+echo "Done"
+cd "$OMR_TARGET/source"
+
 if [ "$OMR_ALL_PACKAGES" = "yes" ]; then
 scripts/feeds install -a -p packages
 scripts/feeds install -a -p luci
diff --git a/patches/fullconenat-luci.patch b/patches/fullconenat-luci.patch
new file mode 100644
index 00000000..248d4dce
--- /dev/null
+++ b/patches/fullconenat-luci.patch
@@ -0,0 +1,13 @@
+--- a/feeds/luci/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
++++ b/feeds/luci/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
+@@ -131,6 +131,10 @@ return L.view.extend({
+ o = s.taboption('general', form.Flag, 'masq', _('Masquerading'));
+ o.editable = true;
+
++ o = s.taboption('general', form.Flag, 'fullcone', _('Full Cone'));
++ o.editable = true;
++ o.depends('masq', '1');
++
+ o = s.taboption('general', form.Flag, 'mtu_fix', _('MSS clamping'));
+ o.modalonly = true;
+
diff --git a/root/package/network/config/firewall/patches/fullconenat.patch b/root/package/network/config/firewall/patches/fullconenat.patch
new file mode 100644
index 00000000..825e8c1d
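Review bot: The forward apply `patch -N -p1 -s < patches/fullconenat-luci.patch` in the added build.sh block has no exit-status check, so if the LuCI feed's zones.js has drifted the script still prints "Done" and the build continues without the patch (whether build.sh runs under `set -e` is not visible in this hunk). Failing loudly would be safer: `patch -N -p1 -s < patches/fullconenat-luci.patch || { echo "fullconenat-luci patch failed" >&2; exit 1; }`. The bare `cd -` also depends on OLDPWD still being the repository root and prints the directory to the build log; changing to an explicitly saved directory would be more robust.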
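Review bot: The new `fullcone` flag in the zones.js patch carries no description, although enabling it changes who can reach hosts behind the zone: with full cone NAT a mapped port accepts traffic from any remote address, not only the peer the internal host contacted. `taboption()` takes a description as its fifth argument, e.g. `o = s.taboption('general', form.Flag, 'fullcone', _('Full Cone'), _('Mapped ports accept traffic from any remote host'));`. The flag is also marked `o.editable = true`, which presumably lets it be toggled straight from the zone overview table; `o.modalonly = true;`, as used for `mtu_fix` just below, would keep it inside the edit dialog.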
--- /dev/null
+++ b/root/package/network/config/firewall/patches/fullconenat.patch
@@ -0,0 +1,40 @@
+--- a/options.h
++++ b/options.h
+@@ -341,6 +341,8 @@ struct fw3_zone
+ struct list_head masq_src;
+ struct list_head masq_dest;
+
++ bool fullcone;
++
+ bool mtu_fix;
+
+ struct list_head cthelpers;
+--- a/zones.c
++++ b/zones.c
+@@ -77,6 +77,8 @@ const struct fw3_option fw3_zone_opts[]
+ FW3_LIST("masq_src", network, zone, masq_src),
+ FW3_LIST("masq_dest", network, zone, masq_dest),
+
++ FW3_OPT("fullcone", bool, zone, fullcone),
++
+ FW3_OPT("extra", string, zone, extra_src),
+ FW3_OPT("extra_src", string, zone, extra_src),
+ FW3_OPT("extra_dest", string, zone, extra_dest),
+@@ -709,7 +711,16 @@ print_zone_rule(struct fw3_ipt_handle *h
+ (mdest = next_addr(mdest, &zone->masq_dest,
+ handle->family, false)) || first_dest;
+ first_dest = false)
+- {
++ if (zone->fullcone && (access("/usr/lib/iptables/libipt_FULLCONENAT.so", 0) == 0)) {
++ r = fw3_ipt_rule_new(handle);
++ fw3_ipt_rule_src_dest(r, msrc, mdest);
++ fw3_ipt_rule_target(r, "FULLCONENAT");
++ fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
++ r = fw3_ipt_rule_new(handle);
++ fw3_ipt_rule_src_dest(r, msrc, mdest);
++ fw3_ipt_rule_target(r, "FULLCONENAT");
++ fw3_ipt_rule_append(r, "zone_%s_prerouting", zone->name);
++ } else {
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_src_dest(r, msrc, mdest);
+ fw3_ipt_rule_target(r, "MASQUERADE");
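Review bot: The prerouting rule added in the zones.c hunk (print_zone_rule) reuses `fw3_ipt_rule_src_dest(r, msrc, mdest)`, but msrc/mdest are drawn from masq_src/masq_dest, which describe outbound traffic; on inbound packets a configured masq_src would presumably never match, and with both lists empty the FULLCONENAT target sees every packet entering the zone. Because full cone NAT lets any remote host reach a mapped internal port, the inbound rule deserves its own explicit scoping and a comment stating that exposure. The guard would read better as `access("/usr/lib/iptables/libipt_FULLCONENAT.so", F_OK) == 0`, evaluated once before the loop rather than on every iteration; it also only proves the userspace extension is installed, so if the kernel target is missing the zone may end up with neither FULLCONENAT nor MASQUERADE. The for loop and the function body continue outside the hunk.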