X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=zones.c;h=6ab3d12176e49c6c7a85dc8f4050280ed2bc538a;hb=8dd290b85ee8d57026581891e9a34945d077fa3b;hp=8225601897f1d3c8d788e4d74bd6d1f6b5d235a7;hpb=c25922c05ae594c4c35fa65f27fd21c3a033f4ec;p=project%2Ffirewall3.git
diff --git a/zones.c b/zones.c
index 8225601..6ab3d12 100644
--- a/zones.c
+++ b/zones.c
@@ -128,13 +128,10 @@ fw3_alloc_zone(void)
 {
 struct fw3_zone *zone;
- zone = malloc(sizeof(*zone));
-
+ zone = calloc(1, sizeof(*zone));
 if (!zone)
 return NULL;
- memset(zone, 0, sizeof(*zone));
-
 INIT_LIST_HEAD(&zone->networks);
 INIT_LIST_HEAD(&zone->devices);
 INIT_LIST_HEAD(&zone->subnets);
@@ -473,6 +470,21 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 switch (handle->table)
 {
 case FW3_TABLE_FILTER:
+ if (has(zone->flags, handle->family, FW3_FLAG_DNAT))
+ {
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_extra(r, "-m conntrack --ctstate DNAT");
+ fw3_ipt_rule_comment(r, "Accept port redirections");
+ fw3_ipt_rule_target(r, fw3_flag_names[FW3_FLAG_ACCEPT]);
+ fw3_ipt_rule_append(r, "zone_%s_input", zone->name);
+
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_extra(r, "-m conntrack --ctstate DNAT");
+ fw3_ipt_rule_comment(r, "Accept port forwards");
+ fw3_ipt_rule_target(r, fw3_flag_names[FW3_FLAG_ACCEPT]);
+ fw3_ipt_rule_append(r, "zone_%s_forward", zone->name);
+ }
+
 r = fw3_ipt_rule_new(handle);
 fw3_ipt_rule_target(r, "zone_%s_src_%s", zone->name,
 fw3_flag_names[zone->policy_input]);
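Review bot: In the `FW3_TABLE_FILTER` case of print_zone_rule, the two new ACCEPT rules match only on `--ctstate DNAT`, so they accept every translated connection that reaches `zone_%s_input` or `zone_%s_forward`, not only connections translated by this zone's own redirects. Any other DNAT rule that applies to traffic entering the zone would have its connections accepted here, ahead of the `zone_%s_src_%s` policy rule appended right after; that is presumably intended, but it is nowhere stated. I would add a comment above the `if`, for example `/* ctstate DNAT matches any translated connection; source/destination limits must be enforced by the nat rule itself */`. The two rule constructions differ only in the comment text and the chain name and could share a small static helper. print_zone_rule starts before and continues after the hunk.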
@@ -666,31 +678,16 @@ fw3_resolve_zone_addresses(struct fw3_zone *zone)
 {
 struct fw3_device *net;
 struct fw3_address *addr, *tmp;
- struct list_head *addrs, *all;
-
- all = malloc(sizeof(*all));
+ struct list_head *all;
+ all = calloc(1, sizeof(*all));
 if (!all)
 return NULL;
- memset(all, 0, sizeof(*all));
 INIT_LIST_HEAD(all);
 list_for_each_entry(net, &zone->networks, list)
- {
- addrs = fw3_ubus_address(net->name);
-
- if (!addrs)
- continue;
-
- list_for_each_entry_safe(addr, tmp, addrs, list)
- {
- list_del(&addr->list);
- list_add_tail(&addr->list, all);
- }
-
- free(addrs);
- }
+ fw3_ubus_address(all, net->name);
 list_for_each_entry(addr, &zone->subnets, list)
 {
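Review bot: The new call `fw3_ubus_address(all, net->name);` in the `zone->networks` loop discards whatever the helper returns, where the removed code at least distinguished a failed lookup with `if (!addrs) continue;`. The helper's new signature is not visible in this diff; if it can report failure (allocation or ubus lookup), a network whose lookup failed now silently contributes no addresses, and anything built from the returned list would work from incomplete data, so the result should be checked and the network name logged on failure. Separately, `tmp` in `struct fw3_address *addr, *tmp;` loses its only visible use with the removed `list_for_each_entry_safe`; if nothing later in fw3_resolve_zone_addresses uses it, the declaration should become `struct fw3_address *addr;`. The function body continues past the end of the hunk.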