firewall: bump to new version

2025-04-16 04:13:31 +00:00 · 2019-01-03 20:38:08 +08:00 · 2019-01-03 20:38:08 +08:00 · fcff889b0e
commit fcff889b0e
parent 34343829f4
2 changed files with 34 additions and 1 deletions
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@ -28,9 +28,19 @@ define Package/firewall
  SECTION:=net
  CATEGORY:=Base system
  TITLE:=OpenWrt C Firewall
-  DEPENDS:=+libubox +libubus +libuci +libip4tc +IPV6:libip6tc +libxtables +kmod-ipt-core +kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +kmod-ipt-nat
+  DEPENDS:=+libubox +libubus +libuci +libip4tc +IPV6:libip6tc +libxtables +kmod-ipt-core +kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +kmod-ipt-nat +PACKAGE_firewall-FULLCONENAT:iptables-mod-fullconenat
 endef

+define Package/firewall/config
+if PACKAGE_firewall
+	config PACKAGE_firewall-FULLCONENAT
+		bool "Use FULLCONENAT"
+		default y
+endif		
+endef
+
+TARGET_CFLAGS += $(if $(CONFIG_PACKAGE_firewall-FULLCONENAT),-DUSE_FULLCONENAT,)
+
 define Package/firewall/description
 This package provides a config-compatible C implementation of the UCI firewall.
 endef
--- a/package/network/config/firewall/patches/fullconenat.patch
+++ b/package/network/config/firewall/patches/fullconenat.patch
@ -0,0 +1,23 @@
+diff --git a/zones.c b/zones.c
+index 505ab20..44500d5 100644
+--- a/zones.c
+++ b/zones.c
+@@ -708,8 +708,18 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
+ 				{
+ 					r = fw3_ipt_rule_new(handle);
+ 					fw3_ipt_rule_src_dest(r, msrc, mdest);
+#ifdef USE_FULLCONENAT
+					fw3_ipt_rule_target(r, "FULLCONENAT");
+#else
+ 					fw3_ipt_rule_target(r, "MASQUERADE");
+#endif
+ 					fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+#ifdef USE_FULLCONENAT
+					r = fw3_ipt_rule_new(handle);
+					fw3_ipt_rule_src_dest(r, msrc, mdest);
+					fw3_ipt_rule_target(r, "FULLCONENAT");
+					fw3_ipt_rule_append(r, "zone_%s_prerouting", zone->name);
+#endif
+ 				}
+ 			}
+ 		}