298977887/lede
1
0
Fork 0
mirror of https://github.com/coolsnowwolf/lede.git synced 2025-07-30 22:36:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

qca-nss-ecm: enable iptables NAT loopback

Browse Source
This commit is contained in:
coolsnowwolf 2024-06-22 18:29:27 +08:00
parent 9728c59e9b
commit f06cea1eed
3 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/qca/qca-nss-ecm/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=qca-nss-ecm
PKG_RELEASE=1
PKG_RELEASE=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_DATE:=2023-10-20

24
package/qca/qca-nss-ecm/files/qca-nss-ecm.init
View File

@ -42,17 +42,17 @@ support_bridge() {
}
enable_bridge_filtering() {
sysctl -w net.bridge.bridge-nf-call-arptables=1
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1
sysctl -w net.bridge.bridge-nf-call-arptables=0
sysctl -w net.bridge.bridge-nf-call-iptables=0
sysctl -w net.bridge.bridge-nf-call-ip6tables=0
if ([ -z "$(grep "net.bridge.bridge-nf-call-arptables=1" /etc/sysctl.d/qca-nss-ecm.conf)" ] && \
[ -z "$(grep "net.bridge.bridge-nf-call-iptables=1" /etc/sysctl.d/qca-nss-ecm.conf)" ] && \
[ -z "$(grep "net.bridge.bridge-nf-call-ip6tables=1" /etc/sysctl.d/qca-nss-ecm.conf)" ] \
if ([ -z "$(grep "net.bridge.bridge-nf-call-arptables=0" /etc/sysctl.d/qca-nss-ecm.conf)" ] && \
[ -z "$(grep "net.bridge.bridge-nf-call-iptables=0" /etc/sysctl.d/qca-nss-ecm.conf)" ] && \
[ -z "$(grep "net.bridge.bridge-nf-call-ip6tables=0" /etc/sysctl.d/qca-nss-ecm.conf)" ] \
); then
echo 'net.bridge.bridge-nf-call-arptables=1' >> /etc/sysctl.d/qca-nss-ecm.conf
echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.d/qca-nss-ecm.conf
echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.d/qca-nss-ecm.conf
echo 'net.bridge.bridge-nf-call-arptables=0' >> /etc/sysctl.d/qca-nss-ecm.conf
echo 'net.bridge.bridge-nf-call-iptables=0' >> /etc/sysctl.d/qca-nss-ecm.conf
echo 'net.bridge.bridge-nf-call-ip6tables=0' >> /etc/sysctl.d/qca-nss-ecm.conf
fi
}
@ -61,9 +61,9 @@ disable_bridge_filtering() {
sysctl -w net.bridge.bridge-nf-call-iptables=0
sysctl -w net.bridge.bridge-nf-call-ip6tables=0
sed '/net.bridge.bridge-nf-call-arptables=1/d' -i /etc/sysctl.d/qca-nss-ecm.conf
sed '/net.bridge.bridge-nf-call-iptables=1/d' -i /etc/sysctl.d/qca-nss-ecm.conf
sed '/net.bridge.bridge-nf-call-ip6tables=1/d' -i /etc/sysctl.d/qca-nss-ecm.conf
sed '/net.bridge.bridge-nf-call-arptables/d' -i /etc/sysctl.d/qca-nss-ecm.conf
sed '/net.bridge.bridge-nf-call-iptables/d' -i /etc/sysctl.d/qca-nss-ecm.conf
sed '/net.bridge.bridge-nf-call-ip6tables/d' -i /etc/sysctl.d/qca-nss-ecm.conf
}
load_ecm() {

2
package/qca/qca-nss-ecm/files/qca-nss-ecm.sysctl
View File

@ -1 +1 @@
net.netfilter.nf_conntrack_max=32768
net.netfilter.nf_conntrack_max=65536