diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2014-07-21 16:06:04 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2014-07-21 16:06:11 +0200 |
commit | 91953d6a6e90df988f442f53097bd208784a295d (patch) | |
tree | d573d8ca11c040680c4cdda6116d76237ed85b5a | |
parent | 8dd290b85ee8d57026581891e9a34945d077fa3b (diff) | |
download | firewall3-91953d6a6e90df988f442f53097bd208784a295d.tar.gz |
zones: make forward policy destination bound
The zone forwarding policy was installed source bound which resulted
in zones with forward accept policy to allow traffic anywhere while
only traffic between the zones network is supposed to be allowed in this
case.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
-rw-r--r-- | zones.c | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -223,11 +223,11 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p) } setbit(zone->flags[0], fw3_to_src_target(zone->policy_input)); - setbit(zone->flags[0], fw3_to_src_target(zone->policy_forward)); + setbit(zone->flags[0], zone->policy_forward); setbit(zone->flags[0], zone->policy_output); setbit(zone->flags[1], fw3_to_src_target(zone->policy_input)); - setbit(zone->flags[1], fw3_to_src_target(zone->policy_forward)); + setbit(zone->flags[1], zone->policy_forward); setbit(zone->flags[1], zone->policy_output); list_add_tail(&zone->list, &state->zones); @@ -491,7 +491,7 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state, fw3_ipt_rule_append(r, "zone_%s_input", zone->name); r = fw3_ipt_rule_new(handle); - fw3_ipt_rule_target(r, "zone_%s_src_%s", zone->name, + fw3_ipt_rule_target(r, "zone_%s_dest_%s", zone->name, fw3_flag_names[zone->policy_forward]); fw3_ipt_rule_append(r, "zone_%s_forward", zone->name); |