diff options
| -rw-r--r-- | iptables.c | 10 | ||||
| -rw-r--r-- | iptables.h | 2 | ||||
| -rw-r--r-- | options.c | 16 | ||||
| -rw-r--r-- | options.h | 5 | ||||
| -rw-r--r-- | rules.c | 4 | ||||
| -rw-r--r-- | snats.c | 2 |
6 files changed, 39 insertions, 0 deletions
@@ -744,6 +744,16 @@ fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r, } void +fw3_ipt_rule_device(struct fw3_ipt_rule *r, const char *device, bool out) +{ + if (device) { + struct fw3_device dev = { .any = false }; + strncpy(dev.name, device, sizeof(dev.name) - 1); + fw3_ipt_rule_in_out(r, (out) ? NULL : &dev, (out) ? &dev : NULL); + } +} + +void fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac) { char buf[sizeof("ff:ff:ff:ff:ff:ff\0")]; @@ -143,6 +143,8 @@ void fw3_ipt_rule_src_dest(struct fw3_ipt_rule *r, void fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r, struct fw3_port *sp, struct fw3_port *dp); +void fw3_ipt_rule_device(struct fw3_ipt_rule *r, const char *device, bool out); + void fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac); void fw3_ipt_rule_icmptype(struct fw3_ipt_rule *r, struct fw3_icmptype *icmp); @@ -854,6 +854,22 @@ fw3_parse_setmatch(void *ptr, const char *val, bool is_list) return true; } +bool +fw3_parse_direction(void *ptr, const char *val, bool is_list) +{ + bool *is_out = ptr; + bool valid = true; + + if (!strcmp(val, "in") || !strcmp(val, "ingress")) + *is_out = false; + else if (!strcmp(val, "out") || !strcmp(val, "egress")) + *is_out = true; + else + valid = false; + + return valid; +} + bool fw3_parse_options(void *s, const struct fw3_option *opts, @@ -328,6 +328,9 @@ struct fw3_rule struct fw3_zone *_src; struct fw3_zone *_dest; + const char *device; + bool direction_out; + struct fw3_device src; struct fw3_device dest; struct fw3_setmatch ipset; @@ -408,6 +411,7 @@ struct fw3_snat struct fw3_device src; struct fw3_setmatch ipset; + const char *device; struct list_head proto; @@ -550,6 +554,7 @@ bool fw3_parse_weekdays(void *ptr, const char *val, bool is_list); bool fw3_parse_monthdays(void *ptr, const char *val, bool is_list); bool fw3_parse_mark(void *ptr, const char *val, bool is_list); bool fw3_parse_setmatch(void *ptr, const char *val, bool is_list); +bool fw3_parse_direction(void *ptr, const char *val, bool is_list); bool fw3_parse_options(void *s, const struct fw3_option *opts, struct uci_section *section); @@ -28,6 +28,9 @@ const struct fw3_option fw3_rule_opts[] = { FW3_OPT("src", device, rule, src), FW3_OPT("dest", device, rule, dest), + FW3_OPT("device", string, rule, device), + FW3_OPT("direction", direction, rule, direction_out), + FW3_OPT("ipset", setmatch, rule, ipset), FW3_LIST("proto", protocol, rule, proto), @@ -350,6 +353,7 @@ print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state, r = fw3_ipt_rule_create(handle, proto, NULL, NULL, sip, dip); fw3_ipt_rule_sport_dport(r, sport, dport); + fw3_ipt_rule_device(r, rule->device, rule->direction_out); fw3_ipt_rule_icmptype(r, icmptype); fw3_ipt_rule_mac(r, mac); fw3_ipt_rule_ipset(r, &rule->ipset); @@ -26,6 +26,7 @@ const struct fw3_option fw3_snat_opts[] = { FW3_OPT("family", family, snat, family), FW3_OPT("src", device, snat, src), + FW3_OPT("device", string, snat, device), FW3_OPT("ipset", setmatch, snat, ipset), @@ -308,6 +309,7 @@ print_snat(struct fw3_ipt_handle *h, struct fw3_state *state, r = fw3_ipt_rule_create(h, proto, NULL, NULL, src, dst); fw3_ipt_rule_sport_dport(r, spt, dpt); + fw3_ipt_rule_device(r, snat->device, true); fw3_ipt_rule_ipset(r, &snat->ipset); fw3_ipt_rule_limit(r, &snat->limit); fw3_ipt_rule_time(r, &snat->time); |