[backfire] firewall: consider zones referenced by redirects as conntracked (#7196)
[openwrt-10.03/.git] / package / firewall / files / uci_firewall.sh
index 8d7538201b97882d9236b02a66c4a3c0ec41651a..be1d437a6af90c883267074fc8530f8db8b52acf 100755 (executable)
@@ -356,6 +356,9 @@ fw_redirect() {
        [ -z "$src" -o -z "$dest_ip" ] && { \
                echo "redirect needs src and dest_ip"; return ; }
 
+       find_item "$src" $CONNTRACK_ZONES || \
+               append CONNTRACK_ZONES "$src"
+
        src_port_first=${src_port%-*}
        src_port_last=${src_port#*-}
        [ "$src_port_first" != "$src_port_last" ] && { \
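Review bot: The added `find_item "$src" $CONNTRACK_ZONES || append CONNTRACK_ZONES "$src"` in fw_redirect has no comment saying why a redirect forces its source zone into the tracked list. I would put `# DNAT depends on connection tracking, so the redirect's source zone must stay tracked` directly above it. The line only has an effect if every redirect section is processed before CONNTRACK_ZONES is consumed; that ordering lies outside the hunk and should be confirmed. `$src` is also appended before anything visible here checks that it names a configured zone, so a mistyped zone lands in the list, although that appears to err on the side of tracking. fw_redirect's body starts and ends outside the hunk.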
@@ -391,6 +394,7 @@ fw_redirect() {
                        ${src_mac:+-m mac --mac-source $src_mac} \
                        -j ACCEPT
        }
+
        [ "$proto" == "tcpudp" -o -z "$proto" ] && {
                proto=tcp
                add_rule