464xlat: don't set default firewall zone to wan

Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add a procd inbound firewall rule if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This commit is contained in:
Hans Dedecker 2019-04-29 16:03:11 +02:00
parent ace241014c
commit 470f5b31e3
2 changed files with 17 additions and 13 deletions

View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=464xlat
PKG_VERSION:=11
PKG_VERSION:=12
PKG_SOURCE_DATE:=2018-01-16
PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>

View File

@ -27,7 +27,7 @@ proto_464xlat_setup() {
local ip6addr ip6prefix tunlink zone
json_get_vars ip6addr ip6prefix tunlink zone
[ -z "$zone" ] && zone="wan"
[ "$zone" = "-" ] && zone=""
( proto_add_host_dependency "$cfg" "::" "$tunlink" )
@ -53,25 +53,29 @@ proto_464xlat_setup() {
proto_add_ipv6_route $ip6addr 128 "" "" "" "" 128
proto_add_data
[ "$zone" != "-" ] && json_add_string zone "$zone"
[ -n "$zone" ] && json_add_string zone "$zone"
json_add_array firewall
[ -z "$zone" ] && zone=$(fw3 -q network $iface 2>/dev/null)
json_add_object ""
json_add_string type nat
json_add_string target SNAT
json_add_string family inet
json_add_string snat_ip 192.0.0.1
json_close_object
json_add_object ""
json_add_string type rule
json_add_string family inet6
json_add_string proto all
json_add_string direction in
json_add_string dest "$zone"
json_add_string src "$zone"
json_add_string src_ip $ip6addr
json_add_string target ACCEPT
json_close_object
[ -n "$zone" ] && {
json_add_object ""
json_add_string type rule
json_add_string family inet6
json_add_string proto all
json_add_string direction in
json_add_string dest "$zone"
json_add_string src "$zone"
json_add_string src_ip $ip6addr
json_add_string target ACCEPT
json_close_object
}
json_close_array
proto_close_data