Allow setting additional options for masquerading rules
via the new option extra_masq.

Useful e.g. for not NATing VPN traffic with:
option 'extra_masq' '-m policy --dir out --pol none'

Signed-off-by: Ulrich Weber <u...@ocedo.com>
---
 options.h | 1 +
 zones.c   | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/options.h b/options.h
index 0a2fa7f..2ecfe19 100644
--- a/options.h
+++ b/options.h
@@ -301,6 +301,7 @@ struct fw3_zone
 
        const char *extra_src;
        const char *extra_dest;
+       const char *extra_masq;
 
        bool masq;
        struct list_head masq_src;
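Review bot: The new `extra_masq` field has no comment, and unlike `extra_src` and `extra_dest` its name does not say which rules it affects. A one-line comment above it would help, for example `/* raw iptables arguments appended to this zone's MASQUERADE rules (option 'extra_masq') */`. struct fw3_zone starts and ends outside the hunk.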
diff --git a/zones.c b/zones.c
index fe507b0..062ff2a 100644
--- a/zones.c
+++ b/zones.c
@@ -72,6 +72,7 @@ const struct fw3_option fw3_zone_opts[] = {
        FW3_OPT("extra",               string,   zone,     extra_src),
        FW3_OPT("extra_src",           string,   zone,     extra_src),
        FW3_OPT("extra_dest",          string,   zone,     extra_dest),
+       FW3_OPT("extra_masq",          string,   zone,     extra_masq),
 
        FW3_OPT("conntrack",           bool,     zone,     conntrack),
        FW3_OPT("mtu_fix",             bool,     zone,     mtu_fix),
@@ -551,6 +552,7 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct 
fw3_state *state,
                                r = fw3_ipt_rule_new(handle);
                                fw3_ipt_rule_src_dest(r, msrc, mdest);
                                fw3_ipt_rule_target(r, "MASQUERADE");
+                               fw3_ipt_rule_extra(r, zone->extra_masq);
                                fw3_ipt_rule_append(r, "zone_%s_postrouting", 
zone->name);
                        }
                }
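Review bot: `zone->extra_masq` is passed to `fw3_ipt_rule_extra()` unconditionally, and it is presumably NULL for every zone that does not set the option. `fw3_ipt_rule_extra()` is not shown in this patch, so confirm it returns early on NULL or empty input, or guard the call with `if (zone->extra_masq)`. The fragment is also added after `fw3_ipt_rule_target(r, "MASQUERADE")`, so it is worth confirming that match options such as `-m policy` are still accepted in that position. If a malformed fragment makes the rule fail to build, the zone may end up without its masquerade rule and traffic could leave with internal source addresses, so a warning that names the zone would help operators notice. print_zone_rule starts and ends outside the hunk.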
-- 
1.8.3.2