[firewall3][PATCH] zones: limit masq_allow_invalid effect to ipv4 family
Alin Nastac
alin.nastac at gmail.com
Wed Jul 1 10:44:00 EDT 2020
Preventing NAT leakage on ipv6 doesn't make sense, as
all other masq* options have effect only on ipv4.
Signed-off-by: Alin Nastac <alin.nastac at gmail.com>
---
zones.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/zones.c b/zones.c
index 68b02ab..dbf23dc 100644
--- a/zones.c
+++ b/zones.c
@@ -501,7 +501,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
if (has(zone->flags, handle->family, t))
{
- if (t == FW3_FLAG_ACCEPT &&
+ if (t == FW3_FLAG_ACCEPT && handle->family == FW3_FAMILY_V4 &&
zone->masq && !zone->masq_allow_invalid)
{
r = fw3_ipt_rule_create(handle, NULL, NULL, dev, NULL, sub);
--
2.7.4
More information about the openwrt-devel
mailing list