
464xlat: don't set default firewall zone to wan

Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add a procd inbound firewall rule if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
dedeckeh committed Apr 29, 2019
1 parent ace2410 commit 470f5b31e334e496a868301c0cb8bc550c1ee4da
Showing with 17 additions and 13 deletions.
  1. +1 −1 package/network/ipv6/464xlat/Makefile
  2. +16 −12 package/network/ipv6/464xlat/files/464xlat.sh
@@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk

PKG_NAME:=464xlat
PKG_VERSION:=11
PKG_VERSION:=12

PKG_SOURCE_DATE:=2018-01-16
PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
@@ -27,7 +27,7 @@ proto_464xlat_setup() {
local ip6addr ip6prefix tunlink zone
json_get_vars ip6addr ip6prefix tunlink zone

[ -z "$zone" ] && zone="wan"
[ "$zone" = "-" ] && zone=""

( proto_add_host_dependency "$cfg" "::" "$tunlink" )

@@ -53,25 +53,29 @@ proto_464xlat_setup() {
proto_add_ipv6_route $ip6addr 128 "" "" "" "" 128

proto_add_data
[ "$zone" != "-" ] && json_add_string zone "$zone"
[ -n "$zone" ] && json_add_string zone "$zone"

json_add_array firewall
[ -z "$zone" ] && zone=$(fw3 -q network $iface 2>/dev/null)

json_add_object ""
json_add_string type nat
json_add_string target SNAT
json_add_string family inet
json_add_string snat_ip 192.0.0.1
json_close_object
json_add_object ""
json_add_string type rule
json_add_string family inet6
json_add_string proto all
json_add_string direction in
json_add_string dest "$zone"
json_add_string src "$zone"
json_add_string src_ip $ip6addr
json_add_string target ACCEPT
json_close_object
[ -n "$zone" ] && {
json_add_object ""
json_add_string type rule
json_add_string family inet6
json_add_string proto all
json_add_string direction in
json_add_string dest "$zone"
json_add_string src "$zone"
json_add_string src_ip $ip6addr
json_add_string target ACCEPT
json_close_object
}
json_close_array
proto_close_data
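Review bot: The lookup `[ -z "$zone" ] && zone=$(fw3 -q network $iface 2>/dev/null)` runs for an explicit `zone '-'` as well as for an unset zone, because the first hunk of this file maps `-` to the empty string; if `-` is meant as an opt-out, the inbound inet6 ACCEPT rule is still created whenever the interface is listed in a firewall zone. If that is not intended, remember the opt-out before clearing it, for example `[ "$zone" = "-" ] && { zone=""; nozone=1; }` with `nozone` added to the `local` list, and guard the lookup with `[ -z "$zone$nozone" ] && zone=$(fw3 -q network "$iface" 2>/dev/null)`. The lookup also appears to sit after `json_add_string zone` on purpose, so the derived zone feeds only the rule and not the proto data; a comment such as `# zone looked up from the firewall config is used for the rule only, not exported in proto data` would keep a later reorder from changing that. `$iface` in the command substitution and `$ip6addr` in `json_add_string src_ip` should be quoted. proto_464xlat_setup starts and ends outside the hunks shown.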
