map: don't set default firewall zone to wan

Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add procd inbound/outbound firewall rules if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

diff --git a/package/network/ipv6/map/Makefile b/package/network/ipv6/map/Makefile
index 5a18c7b01f05ebb5aa859313e429edfa8d41ea95..f05f216a4c8f1b27cb95e400ee71b1214883e4c1 100644 (file)
--- a/package/network/ipv6/map/Makefile
+++ b/package/network/ipv6/map/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map
 PKG_VERSION:=4
-PKG_RELEASE:=12
+PKG_RELEASE:=13
 PKG_LICENSE:=GPL-2.0
 
 include $(INCLUDE_DIR)/package.mk

diff --git a/package/network/ipv6/map/files/map.sh b/package/network/ipv6/map/files/map.sh
index 70dc72326c4657b375b542e7f31d9ddb7aefe1d7..6462e810ccdff55cd22003285e0976f2608224fb 100755 (executable)
--- a/package/network/ipv6/map/files/map.sh
+++ b/package/network/ipv6/map/files/map.sh
@@ -33,7 +33,7 @@ proto_map_setup() {
        json_get_vars type mtu ttl tunlink zone encaplimit
        json_get_vars rule ipaddr ip4prefixlen ip6prefix ip6prefixlen peeraddr ealen psidlen psid offset
 
-       [ -z "$zone" ] && zone="wan"
+       [ "$zone" = "-" ] && zone=""
        [ -z "$type" ] && type="map-e"
        [ -z "$ip4prefixlen" ] && ip4prefixlen=32
 
@@ -129,7 +129,7 @@ proto_map_setup() {
 
        proto_add_ipv4_route "0.0.0.0" 0
        proto_add_data
-       [ "$zone" != "-" ] && json_add_string zone "$zone"
+       [ -n "$zone" ] && json_add_string zone "$zone"
 
        json_add_array firewall
          if [ -z "$(eval "echo \$RULE_${k}_PORTSETS")" ]; then
@@ -155,26 +155,30 @@ proto_map_setup() {
            done
          fi
          if [ "$type" = "map-t" ]; then
-               json_add_object ""
-                       json_add_string type rule
-                       json_add_string family inet6
-                       json_add_string proto all
-                       json_add_string direction in
-                       json_add_string dest "$zone"
-                       json_add_string src "$zone"
-                       json_add_string src_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
-                       json_add_string target ACCEPT
-               json_close_object
-               json_add_object ""
-                       json_add_string type rule
-                       json_add_string family inet6
-                       json_add_string proto all
-                       json_add_string direction out
-                       json_add_string dest "$zone"
-                       json_add_string src "$zone"
-                       json_add_string dest_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
-                       json_add_string target ACCEPT
-               json_close_object
+               [ -z "$zone" ] && zone=$(fw3 -q network $iface 2>/dev/null)
+
+               [ -n "$zone" ] && {
+                       json_add_object ""
+                               json_add_string type rule
+                               json_add_string family inet6
+                               json_add_string proto all
+                               json_add_string direction in
+                               json_add_string dest "$zone"
+                               json_add_string src "$zone"
+                               json_add_string src_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
+                               json_add_string target ACCEPT
+                       json_close_object
+                       json_add_object ""
+                               json_add_string type rule
+                               json_add_string family inet6
+                               json_add_string proto all
+                               json_add_string direction out
+                               json_add_string dest "$zone"
+                               json_add_string src "$zone"
+                               json_add_string dest_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
+                               json_add_string target ACCEPT
+                       json_close_object
+               }
                proto_add_ipv6_route $(eval "echo \$RULE_${k}_IPV6ADDR") 128
          fi
        json_close_array