miniupnpd/netfilter: fix iptables_init.sh for postrouting chain

should fix #334
This commit is contained in:
Thomas Bernard 2019-03-09 11:06:45 +01:00
parent 4912dc37e3
commit c3f752db4a
No known key found for this signature in database
GPG Key ID: 0FF11B67A5C0863C
1 changed files with 32 additions and 0 deletions

View File

@ -6,6 +6,7 @@
EXT=1 EXT=1
. $(dirname "$0")/miniupnpd_functions.sh . $(dirname "$0")/miniupnpd_functions.sh
# MINIUPNPD chain for nat
if [ "$NDIRTY" = "${CHAIN}Chain" ]; then if [ "$NDIRTY" = "${CHAIN}Chain" ]; then
echo "Nat table dirty; Cleaning..." echo "Nat table dirty; Cleaning..."
elif [ "$NDIRTY" = "Chain" ]; then elif [ "$NDIRTY" = "Chain" ]; then
@ -22,6 +23,22 @@ if [ "$CLEAN" = "yes" ]; then
$IPTABLES -t nat -F $CHAIN $IPTABLES -t nat -F $CHAIN
fi fi
# MINIUPNPD chain for mangle
if [ "$MDIRTY" = "${CHAIN}Chain" ]; then
echo "Mangle table dirty; Cleaning..."
elif [ "$MDIRTY" = "Chain" ]; then
echo "Dirty Mangle chain but no reference..? Fixing..."
$IPTABLES -t mangle -A PREROUTING -i $EXTIF -j $CHAIN
else
echo "Mangle table clean..initializing..."
$IPTABLES -t mangle -N $CHAIN
$IPTABLES -t mangle -A PREROUTING -i $EXTIF -j $CHAIN
fi
if [ "$CLEAN" = "yes" ]; then
$IPTABLES -t mangle -F $CHAIN
fi
# MINIUPNPD chain for filter
if [ "$FDIRTY" = "${CHAIN}Chain" ]; then if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
echo "Filter table dirty; Cleaning..." echo "Filter table dirty; Cleaning..."
elif [ "$FDIRTY" = "Chain" ]; then elif [ "$FDIRTY" = "Chain" ]; then
@ -35,3 +52,18 @@ fi
if [ "$CLEAN" = "yes" ]; then if [ "$CLEAN" = "yes" ]; then
$IPTABLES -t filter -F $CHAIN $IPTABLES -t filter -F $CHAIN
fi fi
# MINIUPNPD-POSTROUTING chain (for nat)
if [ "$NPDIRTY" = "${CHAIN}-POSTROUTINGChain" ]; then
echo "Postrouting Nat table dirty; Cleaning..."
elif [ "$NPDIRTY" = "Chain" ]; then
echo "Dirty POSTROUTING NAT chain but no reference..? Fixing..."
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j $CHAIN-POSTROUTING
else
echo "POSTROUTING NAT table clean..initalizing.."
$IPTABLES -t nat -N $CHAIN-POSTROUTING
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j $CHAIN-POSTROUTING
fi
if [ "$CLEAN" = "yes" ]; then
$IPTABLES -t nat -F $CHAIN-POSTROUTING
fi