[PATCH] Redirect incoming WAN traffic only when destination IP address matches the IP address configured on the

Fri Sep 4 07:54:10 EDT 2015

incoming interface

---
 zones.c | 36 ++++++++++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/zones.c b/zones.c
index 2ddd7b4..8bd6673 100644
--- a/zones.c
+++ b/zones.c
@@ -383,10 +383,38 @@ print_interface_rule(struct fw3_ipt_handle
*handle, struct fw3_state *state,
        {
                if (has(zone->flags, handle->family, FW3_FLAG_DNAT))
                {
-                       r = fw3_ipt_rule_create(handle, NULL, dev,
NULL, sub, NULL);
-                       fw3_ipt_rule_target(r, "zone_%s_prerouting",
zone->name);
-                       fw3_ipt_rule_extra(r, zone->extra_src);
-                       fw3_ipt_rule_replace(r, "delegate_prerouting");
+                       struct list_head *addrs;
+                       struct fw3_address *addr;
+
+                       addrs = zone->masq ? calloc(1, sizeof(*addrs)) : NULL;
+                       if (addrs)
+                       {
+                               /* redirect only the traffic towards a
locally configured address */
+                               INIT_LIST_HEAD(addrs);
+                               fw3_ubus_address(addrs, dev->network);
+
+                               list_for_each_entry(addr, addrs, list)
+                               {
+                                       if (!fw3_is_family(addr,
handle->family))
+                                               continue;
+                                       /* reset mask to its maximum value */
+                                       memset(&addr->mask.v6, 0xFF,
sizeof(addr->mask.v6));
+
+                                       r =
fw3_ipt_rule_create(handle, NULL, dev, NULL, sub, addr);
+                                       fw3_ipt_rule_target(r,
"zone_%s_prerouting", zone->name);
+                                       fw3_ipt_rule_extra(r, zone->extra_src);
+                                       fw3_ipt_rule_replace(r,
"delegate_prerouting");
+                               }
+
+                               fw3_free_list(addrs);
+                       }
+                       else
+                       {
+                               r = fw3_ipt_rule_create(handle, NULL,
dev, NULL, sub, NULL);
+                               fw3_ipt_rule_target(r,
"zone_%s_prerouting", zone->name);
+                               fw3_ipt_rule_extra(r, zone->extra_src);
+                               fw3_ipt_rule_replace(r, "delegate_prerouting");
+                       }
                }

                if (has(zone->flags, handle->family, FW3_FLAG_SNAT))
--
1.7.12.4
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

