mirror of
https://github.com/Ysurac/openmptcprouter.git
synced 2025-02-13 20:01:55 +00:00
40 lines
1.5 KiB
Diff
40 lines
1.5 KiB
Diff
--- a/options.h
|
|
+++ b/options.h
|
|
@@ -341,6 +341,8 @@ struct fw3_zone
|
|
struct list_head masq_src;
|
|
struct list_head masq_dest;
|
|
|
|
+ bool fullcone;
|
|
+
|
|
bool mtu_fix;
|
|
|
|
struct list_head cthelpers;
|
|
--- a/zones.c
|
|
+++ b/zones.c
|
|
@@ -77,6 +77,8 @@ const struct fw3_option fw3_zone_opts[]
|
|
FW3_LIST("masq_src", network, zone, masq_src),
|
|
FW3_LIST("masq_dest", network, zone, masq_dest),
|
|
|
|
+ FW3_OPT("fullcone", bool, zone, fullcone),
|
|
+
|
|
FW3_OPT("extra", string, zone, extra_src),
|
|
FW3_OPT("extra_src", string, zone, extra_src),
|
|
FW3_OPT("extra_dest", string, zone, extra_dest),
|
|
@@ -709,7 +711,16 @@ print_zone_rule(struct fw3_ipt_handle *h
|
|
(mdest = next_addr(mdest, &zone->masq_dest,
|
|
handle->family, false)) || first_dest;
|
|
first_dest = false)
|
|
- {
|
|
+ if (zone->fullcone && (access("/usr/lib/iptables/libipt_FULLCONENAT.so", 0) == 0)) {
|
|
+ r = fw3_ipt_rule_new(handle);
|
|
+ fw3_ipt_rule_src_dest(r, msrc, mdest);
|
|
+ fw3_ipt_rule_target(r, "FULLCONENAT");
|
|
+ fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
|
|
+ r = fw3_ipt_rule_new(handle);
|
|
+ fw3_ipt_rule_src_dest(r, msrc, mdest);
|
|
+ fw3_ipt_rule_target(r, "FULLCONENAT");
|
|
+ fw3_ipt_rule_append(r, "zone_%s_prerouting", zone->name);
|
|
+ } else {
|
|
r = fw3_ipt_rule_new(handle);
|
|
fw3_ipt_rule_src_dest(r, msrc, mdest);
|
|
fw3_ipt_rule_target(r, "MASQUERADE");
|