NFTables fixes and scripts
This commit fixes the list detection and uses the inet chain for IPv4. The scripts were reworked as well, and a display script was added.
parent
ee84a3949d
commit
f67f6ae5f0
|
@ -132,7 +132,7 @@ add_redirect_rule2(const char * ifname,
|
||||||
d_printf(("add redirect rule2(%s, %s, %u, %s, %u, %d, %s)!\n",
|
d_printf(("add redirect rule2(%s, %s, %u, %s, %u, %d, %s)!\n",
|
||||||
ifname, rhost, eport, iaddr, iport, proto, desc));
|
ifname, rhost, eport, iaddr, iport, proto, desc));
|
||||||
|
|
||||||
r = rule_set_dnat(NFPROTO_IPV4, ifname, proto,
|
r = rule_set_dnat(NFPROTO_INET, ifname, proto,
|
||||||
0, eport,
|
0, eport,
|
||||||
inet_addr(iaddr), iport, desc, NULL);
|
inet_addr(iaddr), iport, desc, NULL);
|
||||||
|
|
||||||
|
|
|
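Review bot: The `inet_addr(iaddr)` argument to `rule_set_dnat` is used unchecked; `inet_addr` returns `INADDR_NONE` for a string it cannot parse, which is indistinguishable from 255.255.255.255, so a malformed internal address would be installed as a DNAT target instead of being rejected. Unless `iaddr` is validated earlier (the body of `add_redirect_rule2` starts and ends outside the hunk), parse it first with `struct in_addr a; if (inet_pton(AF_INET, iaddr, &a) != 1)`, return the function's error value on failure, and pass `a.s_addr`. With the family now `NFPROTO_INET` and an IPv4 target address, it is also worth confirming that `rule_set_dnat` restricts the rule to IPv4 packets; that function is not visible here.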
@ -604,15 +604,15 @@ table_cb(const struct nlmsghdr *nlh, void *data)
|
||||||
|
|
||||||
if (r->type == RULE_NONE) {
|
if (r->type == RULE_NONE) {
|
||||||
free(r);
|
free(r);
|
||||||
} else if (strcmp(r->chain, miniupnpd_nat_postrouting_chain) == 0) {
|
} else if (r->type == RULE_NAT && r->nat_type == NFT_NAT_SNAT) {
|
||||||
r->index = index_peer;
|
r->index = index_peer;
|
||||||
LIST_INSERT_HEAD(&head_peer, r, entry);
|
LIST_INSERT_HEAD(&head_peer, r, entry);
|
||||||
index_peer++;
|
index_peer++;
|
||||||
} else if (strcmp(r->chain, miniupnpd_nat_chain) == 0) {
|
} else if (r->type == RULE_NAT && r->nat_type == NFT_NAT_DNAT) {
|
||||||
r->index = index_redirect;
|
r->index = index_redirect;
|
||||||
LIST_INSERT_HEAD(&head_redirect, r, entry);
|
LIST_INSERT_HEAD(&head_redirect, r, entry);
|
||||||
index_redirect++;
|
index_redirect++;
|
||||||
} else {
|
} else if (r->type == RULE_FILTER) {
|
||||||
r->index = index_filter;
|
r->index = index_filter;
|
||||||
LIST_INSERT_HEAD(&head_filter, r, entry);
|
LIST_INSERT_HEAD(&head_filter, r, entry);
|
||||||
index_filter++;
|
index_filter++;
|
||||||
|
|
|
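Review bot: The chain now ends in `else if (r->type == RULE_FILTER)` with no final `else` visible, so a rule that matches none of the branches is added to no list and, judging by the `free(r)` in the `RULE_NONE` branch, is never freed. If no `else` follows outside the hunk, close the chain with `} else { free(r); }`. Classification also no longer looks at `r->chain`: if the dump feeding `table_cb` covers more than the miniupnpd chains, NAT and filter rules owned by other chains would be indexed as miniupnpd mappings and could later be removed by index. Keeping the `strcmp(r->chain, ...)` comparison alongside the type test would keep the lists limited to rules the daemon owns.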
@ -1,5 +1,5 @@
|
||||||
#! /sbin/nft -f
|
#!/bin/sh
|
||||||
|
|
||||||
delete chain nat MINIUPNPD
|
nft delete chain nat MINIUPNPD
|
||||||
delete chain nat MINIUPNPD-POSTROUTING
|
nft delete chain nat MINIUPNPD-POSTROUTING
|
||||||
delete chain filter MINIUPNPD
|
nft delete chain filter MINIUPNPD
|
||||||
|
|
|
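Review bot: `nft delete chain filter MINIUPNPD` names no family, so nft resolves it in the `ip` family, while the other scripts in this commit create and flush the chain as `inet filter MINIUPNPD`; as written the filter chain would be left behind. It should read `nft delete chain inet filter MINIUPNPD`, and the two nat lines would be clearer as `ip nat`, as in the flush script. Moving from `#! /sbin/nft -f` to three separate `nft` calls also drops the single-transaction behaviour, here and in the flush script. The script's exit status is now that of the last command only, so an earlier failure goes unreported unless `set -e` or explicit checks are added.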
@ -0,0 +1,8 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Prerouting
|
||||||
|
nft list chain ip nat MINIUPNPD
|
||||||
|
# Postrouting
|
||||||
|
nft list chain ip nat MINIUPNPD-POSTROUTING
|
||||||
|
# Filter
|
||||||
|
nft list chain inet filter MINIUPNPD
|
|
@ -1,5 +1,5 @@
|
||||||
#! /sbin/nft -f
|
#!/bin/sh
|
||||||
|
|
||||||
flush chain ip nat MINIUPNPD
|
nft flush chain ip nat MINIUPNPD
|
||||||
flush chain ip nat MINIUPNPD-POSTROUTING
|
nft flush chain ip nat MINIUPNPD-POSTROUTING
|
||||||
flush chain inet filter MINIUPNPD
|
nft flush chain inet filter MINIUPNPD
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
#! /bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
nft list table nat > /dev/null
|
nft list table nat > /dev/null
|
||||||
nft_nat_exists=$?
|
nft_nat_exists=$?
|
||||||
nft list table filter > /dev/null
|
nft list table inet filter > /dev/null
|
||||||
nft_filter_exists=$?
|
nft_filter_exists=$?
|
||||||
nft list table mangle > /dev/null
|
#nft list table inet mangle > /dev/null
|
||||||
nft_mangle_exists=$?
|
#nft_mangle_exists=$?
|
||||||
|
|
||||||
if [ $nft_nat_exists -eq "1" ]; then
|
if [ $nft_nat_exists -eq "1" ]; then
|
||||||
echo "create nat"
|
echo "create nat"
|
||||||
|
@ -15,19 +15,19 @@ if [ $nft_filter_exists -eq "1" ]; then
|
||||||
echo "create filter"
|
echo "create filter"
|
||||||
nft "add table inet filter"
|
nft "add table inet filter"
|
||||||
fi
|
fi
|
||||||
if [ $nft_mangle_exists -eq "1" ]; then
|
#if [ $nft_mangle_exists -eq "1" ]; then
|
||||||
echo "create mangle"
|
# echo "create mangle"
|
||||||
nft "add table mangle"
|
# nft "add table mangle"
|
||||||
fi
|
#fi
|
||||||
|
|
||||||
nft list chain nat MINIUPNPD > /dev/null
|
nft list chain nat MINIUPNPD > /dev/null
|
||||||
nft_nat_miniupnpd_exists=$?
|
nft_nat_miniupnpd_exists=$?
|
||||||
nft list chain nat MINIUPNPD-POSTROUTING > /dev/null
|
nft list chain nat MINIUPNPD-POSTROUTING > /dev/null
|
||||||
nft_nat_miniupnpd_pcp_peer_exists=$?
|
nft_nat_miniupnpd_pcp_peer_exists=$?
|
||||||
nft list chain filter MINIUPNPD > /dev/null
|
nft list chain inet filter MINIUPNPD > /dev/null
|
||||||
nft_filter_miniupnpd_exists=$?
|
nft_filter_miniupnpd_exists=$?
|
||||||
nft list chain mangle MINIUPNPD > /dev/null
|
#nft list chain inet mangle MINIUPNPD > /dev/null
|
||||||
nft_mangle_miniupnpd_exists=$?
|
#nft_mangle_miniupnpd_exists=$?
|
||||||
|
|
||||||
if [ $nft_nat_miniupnpd_exists -eq "1" ]; then
|
if [ $nft_nat_miniupnpd_exists -eq "1" ]; then
|
||||||
echo "create chain in nat"
|
echo "create chain in nat"
|
||||||
|
@ -39,9 +39,9 @@ if [ $nft_nat_miniupnpd_pcp_peer_exists -eq "1" ]; then
|
||||||
fi
|
fi
|
||||||
if [ $nft_filter_miniupnpd_exists -eq "1" ]; then
|
if [ $nft_filter_miniupnpd_exists -eq "1" ]; then
|
||||||
echo "create chain in filter "
|
echo "create chain in filter "
|
||||||
nft "add chain filter MINIUPNPD"
|
nft "add chain inet filter MINIUPNPD"
|
||||||
fi
|
|
||||||
if [ $nft_mangle_miniupnpd_exists -eq "1" ]; then
|
|
||||||
echo "create chain in mangle"
|
|
||||||
nft "add chain mangle MINIUPNPD"
|
|
||||||
fi
|
fi
|
||||||
|
#if [ $nft_mangle_miniupnpd_exists -eq "1" ]; then
|
||||||
|
# echo "create chain in mangle"
|
||||||
|
# nft "add chain inet mangle MINIUPNPD"
|
||||||
|
#fi
|
||||||
|
|
|
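Review bot: The existence checks such as `nft list table inet filter > /dev/null` followed by `[ $nft_filter_exists -eq "1" ]` treat only exit status 1 as "missing", so any other failure (for example `nft` not found, status 127) skips creation silently. Testing for non-zero is more robust: `if [ "$nft_filter_exists" -ne 0 ]; then`, with the variable quoted and stderr redirected in the probe (`> /dev/null 2>&1`). The same applies to the nat and chain checks in the other two hunks. The mangle blocks are left as commented-out code; if mangle is no longer used, deleting them would be cleaner than keeping `#nft ...` lines.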
@ -1,5 +1,4 @@
|
||||||
#! /sbin/nft -f
|
#!/bin/sh
|
||||||
|
|
||||||
delete rule nat MINIUPNPD
|
# Remove all rules in nft not just miniupnpd
|
||||||
delete rule nat MINIUPNPD-POSTROUTING
|
nft flush ruleset
|
||||||
delete rule filter MINIUPNPD
|
|
||||||
|
|
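Review bot: `nft flush ruleset` removes every table, chain and rule on the host, not just the miniupnpd ones, so running this script also drops any input filtering or unrelated NAT and leaves the machine with no packet filter at all. The added comment acknowledges this, but it is a much wider effect than the three `delete rule` lines it replaces. Scoping it to the daemon's chains keeps the rest of the firewall intact: `nft flush chain ip nat MINIUPNPD`, `nft flush chain ip nat MINIUPNPD-POSTROUTING`, `nft flush chain inet filter MINIUPNPD`. If a full wipe is really intended, the script name and a header comment should say so explicitly.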