From ff5d7618a71cdf11089e28bf85d43f0a3fd3ccd5 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen
Date: Mon, 31 Mar 2014 10:46:57 +0300
Subject: distinguish local-destined packets before routing decision
---
 awall-cli | 4 ++--
 awall/model.lua | 28 ++++++++++++++++------------
 2 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/awall-cli b/awall-cli
index 154fbdd..e8d8f3c 100755
--- a/awall-cli
+++ b/awall-cli
@@ -2,7 +2,7 @@
 --[[
 Alpine Wall
-Copyright (C) 2012-2013 Kaarle Ritvanen
+Copyright (C) 2012-2014 Kaarle Ritvanen
 See LICENSE file for license details
 ]]--
@@ -14,7 +14,7 @@ require 'stringy'
 function help()
 io.stderr:write([[
 Alpine Wall
-Copyright (C) 2012-2013 Kaarle Ritvanen
+Copyright (C) 2012-2014 Kaarle Ritvanen
 This is free software with ABSOLUTELY NO WARRANTY, available under the terms of the GNU General Public License, version 2
diff --git a/awall/model.lua b/awall/model.lua
index 65148c4..90fb26f 100644
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -470,22 +470,26 @@ function Rule:trules()
 table.insert(res, ofrag)
 else
- local chains
- if ofrag.chain == 'PREROUTING' then chains = {'FORWARD', 'INPUT'}
+ local ofs, recursive
+ if ofrag.chain == 'PREROUTING' then
+ ofs = {{chain='FORWARD'}, {chain='INPUT'}}
 elseif ofrag.chain == 'POSTROUTING' then
- chains = {'FORWARD', 'OUTPUT'}
- elseif util.contains({'INPUT', 'FORWARD'}, ofrag.chain) then
- chains = {'PREROUTING'}
+ ofs = {{chain='FORWARD'}, {chain='OUTPUT'}}
+ recursive = true
+ elseif ofrag.chain == 'INPUT' then
+ ofs = {{opts='-m addrtype --dst-type LOCAL', chain='PREROUTING'}}
+ elseif ofrag.chain == 'FORWARD' then
+ ofs = {
+ {opts='-m addrtype ! --dst-type LOCAL', chain='PREROUTING'}
+ }
 end
- if chains then
+ if ofs then
 ofrag.chain = nil
- util.extend(res,
- convertchains(combinations({ofrag},
- util.map(chains,
- function(c)
- return {chain=c}
- end))))
+ ofs = combinations(ofs, {ofrag})
+ if recursive then ofs = convertchains(ofs) end
+ util.extend(res, ofs)
+
 else table.insert(res, ofrag) end
 end
 end
--
cgit v1.2.3
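Review bot: The `-m addrtype --dst-type LOCAL` and `! --dst-type LOCAL` matches that now stand in for INPUT and FORWARD in PREROUTING only approximate the routing decision, and nothing in the hunk records that. At PREROUTING the match sees the destination address as the packet arrived, so a packet whose destination is later rewritten by DNAT may be classified differently from the chain it finally traverses, and broadcast or multicast destinations are not of type LOCAL even though they are delivered through INPUT; a rule translated this way can therefore miss or over-match such traffic. Which tables reach this branch is not visible here, so this may be harmless in practice, but I would document it above the INPUT branch, e.g. `-- addrtype tests the pre-DNAT destination; broadcast/multicast are not LOCAL`. It is also worth confirming that `combinations(ofs, {ofrag})` keeps any `opts` already present on `ofrag`, since that helper and the rest of `Rule:trules` lie outside the hunk.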