[firewall3][PATCH] zones: limit masq_allow_invalid effect to ipv4 family

Alin Nastac Wed, 01 Jul 2020 07:52:57 -0700

Preventing NAT leakage on ipv6 doesn't make sense, as
all other masq* options have effect only on ipv4.


Signed-off-by: Alin Nastac <alin.nas...@gmail.com>
---
 zones.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zones.c b/zones.c
index 68b02ab..dbf23dc 100644
--- a/zones.c
+++ b/zones.c
@@ -501,7 +501,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct 
fw3_state *state,
 
                        if (has(zone->flags, handle->family, t))
                        {
-                               if (t == FW3_FLAG_ACCEPT &&
+                               if (t == FW3_FLAG_ACCEPT && handle->family == 
FW3_FAMILY_V4 &&
                                    zone->masq && !zone->masq_allow_invalid)
                                {
                                        r = fw3_ipt_rule_create(handle, NULL, 
NULL, dev, NULL, sub);
-- 
2.7.4


_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[firewall3][PATCH] zones: limit masq_allow_invalid effect to ipv4 family

Reply via email to