diff --git a/include/target.mk b/include/target.mk
index 61e589bf6..4e5c6a6da 100644
--- a/include/target.mk
+++ b/include/target.mk
@@ -18,7 +18,7 @@ iptables-mod-nat-extra kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw km
 default-settings ipset-lists luci luci-app-ddns luci-app-sqm luci-app-upnp luci-app-adbyby-plus luci-app-autoreboot \
 luci-app-filetransfer luci-app-ssr-pro luci-app-usb-printer luci-app-vsftpd ddns-scripts_aliyun luci-app-xlnetacc \
 luci-app-pptp-server luci-app-ipsec-vpnd luci-app-vlmcsd luci-app-wifischedule luci-app-wol \
-luci-app-sfe luci-app-flowoffload luci-app-nlbwmon luci-app-fullconenat
+luci-app-sfe luci-app-flowoffload luci-app-nlbwmon
 # For nas targets
 DEFAULT_PACKAGES.nas:=block-mount fdisk lsblk mdadm
 # For router targets
diff --git a/package/lean/luci-app-fullconenat/Makefile b/package/lean/luci-app-fullconenat/Makefile
deleted file mode 100755
index 9b594ce4c..000000000
--- a/package/lean/luci-app-fullconenat/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-#-- Copyright (C) 2018 dz
-
-include $(TOPDIR)/rules.mk
-
-LUCI_TITLE:=LuCI support for FullConeNat
-LUCI_DEPENDS:=+iptables-mod-fullconenat
-LUCI_PKGARCH:=all
-PKG_VERSION:=1.4
-PKG_RELEASE:=2
-
-include $(TOPDIR)/feeds/luci/luci.mk
-
-# call BuildPackage - OpenWrt buildroot signature
-
diff --git a/package/lean/luci-app-fullconenat/luasrc/controller/fullconenat.lua b/package/lean/luci-app-fullconenat/luasrc/controller/fullconenat.lua
deleted file mode 100755
index c1ba13d66..000000000
--- a/package/lean/luci-app-fullconenat/luasrc/controller/fullconenat.lua
+++ /dev/null
@@ -1,11 +0,0 @@
-module("luci.controller.fullconenat", package.seeall)
-
-function index()
- if not nixio.fs.access("/etc/config/fullconenat") then
- return
- end
- local page
- page = entry({"admin", "network", "fullconenat"}, cbi("fullconenat"), _("fullconenat"), 101)
- page.i18n = "fullconenat"
- page.dependent = true
-end
diff --git a/package/lean/luci-app-fullconenat/luasrc/model/cbi/fullconenat.lua b/package/lean/luci-app-fullconenat/luasrc/model/cbi/fullconenat.lua
deleted file mode 100755
index 1862ab750..000000000
--- a/package/lean/luci-app-fullconenat/luasrc/model/cbi/fullconenat.lua
+++ /dev/null
@@ -1,33 +0,0 @@
-#-- Copyright (C) 2018 dz
-
-require("nixio.fs")
-require("luci.http")
-
-m = Map("fullconenat", translate("Full cone NAT"),
- translate("FullConeNat."))
-
-if luci.sys.call("iptables -t nat -L -n --line-numbers | grep FULLCONENAT >/dev/null") == 0 then
- m = Map("fullconenat", translate("FullConeNat"), "%s - %s" %{translate("FULLCONENAT"), translate("Running")})
-else
- m = Map("fullconenat", translate("FullConeNat"), "%s - %s" %{translate("FULLCONENAT"), translate("Not Running")})
-end
-
-
--- Basic
-s = m:section(TypedSection, "fullconenat", translate("Settings"), translate("FullConeNat Settings"))
-s.anonymous = true
-
-enable = s:option(Flag, "enabled", translate("Enable"), translate("Warning!!! There is security risk after opening."))
-enable.default = 0
-enable.rmempty = false
-
----- ALL Eanble
-enable = s:option(Flag, "all_enabled", translate("ALL Enabled"))
-enable.default = 0
-enable.rmempty = false
-
--- fullconenat ip
-o = s:option(Value, "fullconenat_ip", translate("FullConeNat IP"), translate("FullConeNat IP:192.168.1.100,192.168.1.101,192.168.1.102"))
-o.rempty = true
-
-return m
diff --git a/package/lean/luci-app-fullconenat/po/zh-cn/fullconenat.po b/package/lean/luci-app-fullconenat/po/zh-cn/fullconenat.po
deleted file mode 100755
index be848fda2..000000000
--- a/package/lean/luci-app-fullconenat/po/zh-cn/fullconenat.po
+++ /dev/null
@@ -1,35 +0,0 @@
-msgid "fullconenat"
-msgstr "Full cone NAT"
-
-msgid "FULLCONENAT"
-msgstr "Full cone NAT"
-
-msgid "Running"
-msgstr "正在运行"
-
-msgid "Not Running"
-msgstr "未运行"
-
-
-
-msgid "Settings"
-msgstr "设置"
-
-msgid "FullConeNat Settings"
-msgstr "Full Cone NAT设置"
-
-msgid "Enable"
-msgstr "启用"
-
-msgid "Warning!!! There is security risk after opening."
-msgstr "警告!!!开启后内网存在端口直接暴露的安全风险."
-
-msgid "ALL Enabled"
-msgstr "全LAN子网开启-Full cone NAT(危险!)"
-
-msgid "FullConeNat IP"
-msgstr "只在以下内网映射IP开放Full Cone NAT"
-
-msgid "FullConeNat IP:192.168.1.100,192.168.1.101,192.168.1.102"
-msgstr "可多内网IP映射用,隔开.举例映射IP:192.168.1.100,192.168.1.101,192.168.1.102"
-
diff --git a/package/lean/luci-app-fullconenat/root/etc/config/fullconenat b/package/lean/luci-app-fullconenat/root/etc/config/fullconenat
deleted file mode 100755
index 4b94bdd43..000000000
--- a/package/lean/luci-app-fullconenat/root/etc/config/fullconenat
+++ /dev/null
@@ -1,5 +0,0 @@
-
-config fullconenat 'config'
- option all_enabled '0'
- option fullconenat_ip '192.168.1.100'
- option enabled '0'
diff --git a/package/lean/luci-app-fullconenat/root/etc/init.d/fullconenat b/package/lean/luci-app-fullconenat/root/etc/init.d/fullconenat
deleted file mode 100755
index c19035a02..000000000
--- a/package/lean/luci-app-fullconenat/root/etc/init.d/fullconenat
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh /etc/rc.common
-#-- Copyright (C) 2018 dz
-
-START=99
-
-re=0
-
-start(){
- echo "enable"
- enable=$(uci get fullconenat.config.enabled 2>/dev/null)
- all_enable=$(uci get fullconenat.config.all_enabled 2>/dev/null)
- fullconenat_ip=$(uci get fullconenat.config.fullconenat_ip 2>/dev/null)
- if [ $enable -eq 1 ]; then
- iptables -t nat -D zone_wan_prerouting -j FULLCONENAT
- iptables -t nat -D zone_wan_postrouting -s $fullconenat_ip -j FULLCONENAT
- iptables -t nat -D zone_wan_postrouting -j MASQUERADE
- iptables -t nat -D zone_wan_postrouting -j FULLCONENAT
- insmod xt_FULLCONENAT
- sleep 5
- sed -i '/FULLCONENAT/d' /etc/firewall.user
- sed -i '/zone_wan_postrouting -j MASQUERADE/d' /etc/firewall.user
- if [ $all_enable -eq 0 ]; then
- echo "iptables -t nat -A zone_wan_prerouting -j FULLCONENAT" >> /etc/firewall.user
- echo "iptables -t nat -A zone_wan_postrouting -s $fullconenat_ip -j FULLCONENAT" >> /etc/firewall.user
- echo "iptables -t nat -A zone_wan_postrouting -j MASQUERADE" >> /etc/firewall.user
- elif [ $all_enable -eq 1 ]; then
- echo "iptables -t nat -A zone_wan_prerouting -j FULLCONENAT" >> /etc/firewall.user
- echo "iptables -t nat -A zone_wan_postrouting -j FULLCONENAT" >> /etc/firewall.user
- fi
- sleep 1
- uci set firewall.@zone[1].masq=0
- uci commit firewall
- if [ $re -eq 0 ]; then
- echo $re
- /etc/init.d/firewall restart
- fi
- fi
-}
-
-stop(){
- echo "stop"
- fullconenat_ip=$(uci get fullconenat.config.fullconenat_ip 2>/dev/null)
- enable=$(uci get fullconenat.config.enabled 2>/dev/null)
- if [ $enable -eq 0 ]; then
- echo "disable"
- rmmod xt_FULLCONENAT
- sleep 1
- iptables -t nat -D zone_wan_prerouting -j FULLCONENAT
- iptables -t nat -D zone_wan_postrouting -s $fullconenat_ip -j FULLCONENAT
- iptables -t nat -D zone_wan_postrouting -j MASQUERADE
- iptables -t nat -D zone_wan_postrouting -j FULLCONENAT
- sed -i '/zone_wan_postrouting -j MASQUERADE/d' /etc/firewall.user
- sed -i '/FULLCONENAT/d' /etc/firewall.user
- uci set firewall.@zone[1].masq=1
- uci commit firewall
- if [ $re -ne 1 ]; then
- echo $re
- /etc/init.d/firewall restart
- fi
- fi
-}
-
-
-restart(){
- re=1
- stop
- start
- /etc/init.d/firewall restart
-}
diff --git a/package/lean/luci-app-fullconenat/root/etc/uci-defaults/fullconenat b/package/lean/luci-app-fullconenat/root/etc/uci-defaults/fullconenat
deleted file mode 100755
index 58ced1f02..000000000
--- a/package/lean/luci-app-fullconenat/root/etc/uci-defaults/fullconenat
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-uci -q batch <<-EOF >/dev/null
- delete ucitrack.@fullconenat[-1]
- add ucitrack fullconenat
- set ucitrack.@fullconenat[-1].init=fullconenat
- commit ucitrack
-EOF
-
-/etc/init.d/fullconenat enable
-
-rm -f /tmp/luci-indexcache
-exit 0
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index 830a1b268..2ac060acd 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -28,9 +28,19 @@ define Package/firewall SECTION:=net CATEGORY:=Base system TITLE:=OpenWrt C Firewall - DEPENDS:=+libubox +libubus +libuci +libip4tc +IPV6:libip6tc +libxtables +kmod-ipt-core +kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +kmod-ipt-nat + DEPENDS:=+libubox +libubus +libuci +libip4tc +IPV6:libip6tc +libxtables +kmod-ipt-core +kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +kmod-ipt-nat +PACKAGE_firewall-FULLCONENAT:iptables-mod-fullconenat endef +define Package/firewall/config +if PACKAGE_firewall + config PACKAGE_firewall-FULLCONENAT + bool "Use FULLCONENAT" + default y +endif +endef + +TARGET_CFLAGS += $(if $(CONFIG_PACKAGE_firewall-FULLCONENAT),-DUSE_FULLCONENAT,) + define Package/firewall/description This package provides a config-compatible C implementation of the UCI firewall. endef
diff --git a/package/network/config/firewall/patches/fullconenat.patch b/package/network/config/firewall/patches/fullconenat.patch
new file mode 100644
index 000000000..0e05b6b2a
--- /dev/null
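Review bot: `default y` in the new `Package/firewall/config` block turns FULLCONENAT on for every image that builds the firewall package, whereas the luci-app-fullconenat package removed in this same commit shipped `option enabled '0'` and a UI warning about the security risk. I would ship `default n` so builders opt in, and add a `help` entry under the bool stating that once a LAN host creates a mapping, any external host can reach the mapped port. Because the switch is the compile-time define `-DUSE_FULLCONENAT`, it also cannot be turned off on a running device; the code this affects is in fullconenat.patch, added later in the commit.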
+++ b/package/network/config/firewall/patches/fullconenat.patch
@@ -0,0 +1,23 @@
+diff --git a/zones.c b/zones.c
+index 505ab20..44500d5 100644
+--- a/zones.c
++++ b/zones.c
+@@ -708,8 +708,18 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
+ {
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_src_dest(r, msrc, mdest);
++#ifdef USE_FULLCONENAT
++ fw3_ipt_rule_target(r, "FULLCONENAT");
++#else
+ fw3_ipt_rule_target(r, "MASQUERADE");
++#endif
+ fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
++#ifdef USE_FULLCONENAT
++ r = fw3_ipt_rule_new(handle);
++ fw3_ipt_rule_src_dest(r, msrc, mdest);
++ fw3_ipt_rule_target(r, "FULLCONENAT");
++ fw3_ipt_rule_append(r, "zone_%s_prerouting", zone->name);
++#endif
+ }
+ }
+ }
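Review bot: The rule appended to `zone_%s_prerouting` reuses `fw3_ipt_rule_src_dest(r, msrc, mdest)`, a match written for outbound traffic in the postrouting chain. For inbound packets the source and destination presumably have the opposite sense, so it should be confirmed that any restriction carried in `msrc`/`mdest` still limits what the prerouting FULLCONENAT rule accepts. With `USE_FULLCONENAT` defined, the `#ifdef` also replaces MASQUERADE for every zone that reaches this code, with no per-zone or per-host choice, where the removed init script could scope the rule with `-s $fullconenat_ip`; a per-zone boolean option checked at runtime would restore that control. A comment above the second block such as `/* FULLCONENAT also needs a prerouting rule so inbound packets for existing mappings are admitted */` would document why it exists. `print_zone_rule` starts and ends outside the hunk.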