lede/package/network/config/firewall/patches/100-fullconenat.patch

index 85a3750..9fac9b1 100644
--- a/defaults.c
+++ b/defaults.c
@@ -48,7 +48,9 @@ const struct fw3_option fw3_flag_opts[]
 	FW3_OPT("synflood_protect",    bool,     defaults, syn_flood),
 	FW3_OPT("synflood_rate",       limit,    defaults, syn_flood_rate),
 	FW3_OPT("synflood_burst",      int,      defaults, syn_flood_rate.burst),
-
+	
+	FW3_OPT("fullcone",           bool,     defaults, fullcone),
+	
 	FW3_OPT("tcp_syncookies",      bool,     defaults, tcp_syncookies),
 	FW3_OPT("tcp_ecn",             int,      defaults, tcp_ecn),
 	FW3_OPT("tcp_window_scaling",  bool,     defaults, tcp_window_scaling),
--- a/options.h
+++ b/options.h
@@ -297,6 +297,7 @@ struct fw3_defaults
 	enum fw3_reject_code any_reject_code;
 
 	bool syn_flood;
+	bool fullcone;
 	struct fw3_limit syn_flood_rate;
 
 	bool tcp_syncookies;
--- a/zones.c
+++ b/zones.c
@@ -670,6 +670,7 @@ print_zone_rule(struct fw3_ipt_handle *h
 	struct fw3_address *msrc;
 	struct fw3_address *mdest;
 	struct fw3_ipt_rule *r;
+	struct fw3_defaults *defs = &state->defaults;
 
 	if (!fw3_is_family(zone, handle->family))
 		return;
@@ -755,8 +756,22 @@ print_zone_rule(struct fw3_ipt_handle *h
 				{
 					r = fw3_ipt_rule_new(handle);
 					fw3_ipt_rule_src_dest(r, msrc, mdest);
-					fw3_ipt_rule_target(r, "MASQUERADE");
-					fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+					/*FIXME: Workaround for FULLCONE-NAT*/
+					if(defs->fullcone)
+					{
+						warn("%s will enable FULLCONE-NAT", zone->name);
+						fw3_ipt_rule_target(r, "FULLCONENAT");
+						fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+						r = fw3_ipt_rule_new(handle);
+						fw3_ipt_rule_src_dest(r, msrc, mdest);
+						fw3_ipt_rule_target(r, "FULLCONENAT");
+						fw3_ipt_rule_append(r, "zone_%s_prerouting", zone->name);
+					}
+					else
+					{
+						fw3_ipt_rule_target(r, "MASQUERADE");
+						fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+					}
 				}
 			}
 		}