brielle/SRFirewall
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Fix port forwarding with FORWARD set to DROP by default

Browse Source
This commit is contained in:
bbruns 2014-04-13 17:40:12 +00:00
parent f947397769
commit fe07e06ad0
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/iptables.inc
View File

@ -593,6 +593,7 @@ function enable_portfw {
[[ ${protocol} != "-" ]] && protocol="-p ${protocol}" [[ ${protocol} != "-" ]] && protocol="-p ${protocol}"
[[ ${intip} != "-" ]] && intdest="--to-destination ${intip}:${intport}" [[ ${intip} != "-" ]] && intdest="--to-destination ${intip}:${intport}"
[[ ${interface} != "-" ]] && interface="-i ${interface}" [[ ${interface} != "-" ]] && interface="-i ${interface}"
[[ ${intip} != "-" ]] && intip="-d ${intip}"
[[ ${address} != "-" ]] && address="-d ${address}" [[ ${address} != "-" ]] && address="-d ${address}"
[[ ${srcaddress} != "-" ]] && srcaddress="-s ${srcaddress}" [[ ${srcaddress} != "-" ]] && srcaddress="-s ${srcaddress}"
@ -604,7 +605,7 @@ function enable_portfw {
[[ ${srcaddress} == "-" ]] && srcaddress="" [[ ${srcaddress} == "-" ]] && srcaddress=""
${VER_IPTABLES} -A ${PortForward} -t nat ${protocol} ${service} ${interface} ${address} ${srcaddress} -j DNAT ${intdest} ${VER_IPTABLES} -A ${PortForward} -t nat ${protocol} ${service} ${interface} ${address} ${srcaddress} -j DNAT ${intdest}
${VER_IPTABLES} -A ${InFilter} ${protocol} ${service} ${interface} ${address} ${srcaddress} ${conntrack_state} -j ACCEPT ${VER_IPTABLES} -A ${FwdFilter} ${protocol} ${service} ${interface} ${intip} ${srcaddress} ${conntrack_state} -j ACCEPT
done < "${FWCONFIGDIR}/ipv${IPVER}/portfw.conf" done < "${FWCONFIGDIR}/ipv${IPVER}/portfw.conf"
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done" ${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"