projects
/
project
/
firewall3.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
zones: make forward policy destination bound
[project/firewall3.git]
/
zones.c
diff --git
a/zones.c
b/zones.c
index 53c62461b927b2ae61dca04fe47335ba32870b33..ebc4a2a6d7b0bcc5c7da894cc7dd931f1573b014 100644
(file)
--- a/
zones.c
+++ b/
zones.c
@@
-223,11
+223,11
@@
fw3_load_zones(struct fw3_state *state, struct uci_package *p)
}
setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));
}
setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));
- setbit(zone->flags[0],
fw3_to_src_target(zone->policy_forward)
);
+ setbit(zone->flags[0],
zone->policy_forward
);
setbit(zone->flags[0], zone->policy_output);
setbit(zone->flags[1], fw3_to_src_target(zone->policy_input));
setbit(zone->flags[0], zone->policy_output);
setbit(zone->flags[1], fw3_to_src_target(zone->policy_input));
- setbit(zone->flags[1],
fw3_to_src_target(zone->policy_forward)
);
+ setbit(zone->flags[1],
zone->policy_forward
);
setbit(zone->flags[1], zone->policy_output);
list_add_tail(&zone->list, &state->zones);
setbit(zone->flags[1], zone->policy_output);
list_add_tail(&zone->list, &state->zones);
@@
-491,7
+491,7
@@
print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
fw3_ipt_rule_append(r, "zone_%s_input", zone->name);
r = fw3_ipt_rule_new(handle);
fw3_ipt_rule_append(r, "zone_%s_input", zone->name);
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_target(r, "zone_%s_
src
_%s", zone->name,
+ fw3_ipt_rule_target(r, "zone_%s_
dest
_%s", zone->name,
fw3_flag_names[zone->policy_forward]);
fw3_ipt_rule_append(r, "zone_%s_forward", zone->name);
fw3_flag_names[zone->policy_forward]);
fw3_ipt_rule_append(r, "zone_%s_forward", zone->name);
@@
-678,7
+678,7
@@
fw3_resolve_zone_addresses(struct fw3_zone *zone)
{
struct fw3_device *net;
struct fw3_address *addr, *tmp;
{
struct fw3_device *net;
struct fw3_address *addr, *tmp;
- struct list_head *a
ddrs, *a
ll;
+ struct list_head *all;
all = calloc(1, sizeof(*all));
if (!all)
all = calloc(1, sizeof(*all));
if (!all)
@@
-687,20
+687,7
@@
fw3_resolve_zone_addresses(struct fw3_zone *zone)
INIT_LIST_HEAD(all);
list_for_each_entry(net, &zone->networks, list)
INIT_LIST_HEAD(all);
list_for_each_entry(net, &zone->networks, list)
- {
- addrs = fw3_ubus_address(net->name);
-
- if (!addrs)
- continue;
-
- list_for_each_entry_safe(addr, tmp, addrs, list)
- {
- list_del(&addr->list);
- list_add_tail(&addr->list, all);
- }
-
- free(addrs);
- }
+ fw3_ubus_address(all, net->name);
list_for_each_entry(addr, &zone->subnets, list)
{
list_for_each_entry(addr, &zone->subnets, list)
{