From patchwork Fri May 8 23:09:54 2015 X-Patchwork-Submitter: Lars X-Patchwork-Id: 470212 X-Patchwork-Delegate: jow@openwrt.org
From: Lars Gierth To: openwrt-devel@lists.openwrt.org Date: Sat, 9 May 2015 01:09:54 +0200 Message-Id: <1431126594-6375-3-git-send-email-larsg@systemli.org> In-Reply-To: <1431126594-6375-1-git-send-email-larsg@systemli.org> References: <554CF7FA.6040708@systemli.org> <1431126594-6375-1-git-send-email-larsg@systemli.org> Cc: jow@subsignal.org Subject: [OpenWrt-Devel] [PATCH v2 2/2] firewall3: remove IPv4-only restriction for NAT X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openwrt-devel-bounces@lists.openwrt.org Sender: "openwrt-devel" IPv6 NAT support was added in Linux Kernel 3.7 and iptables 1.4.17 Signed-off-by: Lars Gierth --- defaults.c | 8 ++++---- zones.c | 11 +++++++---- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/defaults.c b/defaults.c index 396cbf7..45d6de6 100644 --- a/defaults.c +++ b/defaults.c @@ -32,10 +32,10 @@ static const struct fw3_chain_spec default_chains[] = { C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_rule"), C(ANY, FILTER, SYN_FLOOD, "syn_flood"), - C(V4, NAT, UNSPEC, "delegate_prerouting"), - C(V4, NAT, UNSPEC, "delegate_postrouting"), - C(V4, NAT, CUSTOM_CHAINS, "prerouting_rule"), - C(V4, NAT, CUSTOM_CHAINS, "postrouting_rule"), + C(ANY, NAT, UNSPEC, "delegate_prerouting"), + C(ANY, NAT, UNSPEC, "delegate_postrouting"), + C(ANY, NAT, CUSTOM_CHAINS, "prerouting_rule"), + C(ANY, NAT, CUSTOM_CHAINS, "postrouting_rule"), C(ANY, MANGLE, UNSPEC, "mssfix"), C(ANY, MANGLE, UNSPEC, "fwmark"), diff --git a/zones.c b/zones.c index c902ebc..7c1baa7 100644 --- a/zones.c +++ b/zones.c 
@@ -36,8 +36,8 @@ static const struct fw3_chain_spec zone_chains[] = { C(ANY, FILTER, REJECT, "zone_%s_dest_REJECT"), C(ANY, FILTER, DROP, "zone_%s_dest_DROP"), - C(V4, NAT, SNAT, "zone_%s_postrouting"), - C(V4, NAT, DNAT, "zone_%s_prerouting"), + C(ANY, NAT, SNAT, "zone_%s_postrouting"), + C(ANY, NAT, DNAT, "zone_%s_prerouting"), C(ANY, RAW, NOTRACK, "zone_%s_notrack"), @@ -45,8 +45,8 @@ static const struct fw3_chain_spec zone_chains[] = { C(ANY, FILTER, CUSTOM_CHAINS, "output_%s_rule"), C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_%s_rule"), - C(V4, NAT, CUSTOM_CHAINS, "prerouting_%s_rule"), - C(V4, NAT, CUSTOM_CHAINS, "postrouting_%s_rule"), + C(ANY, NAT, CUSTOM_CHAINS, "prerouting_%s_rule"), + C(ANY, NAT, CUSTOM_CHAINS, "postrouting_%s_rule"), { } }; @@ -218,6 +218,7 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p) if (zone->masq) { setbit(zone->flags[0], FW3_FLAG_SNAT); + setbit(zone->flags[1], FW3_FLAG_SNAT); zone->conntrack = true; } @@ -230,7 +231,9 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p) if (zone->custom_chains) { setbit(zone->flags[0], FW3_FLAG_SNAT); + setbit(zone->flags[1], FW3_FLAG_SNAT); setbit(zone->flags[0], FW3_FLAG_DNAT); + setbit(zone->flags[1], FW3_FLAG_DNAT); } setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));
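Review bot: in defaults.c, the four NAT entries of default_chains[] change from V4 to ANY with no guard visible in this patch for systems whose kernel or ip6tables has no IPv6 nat table, although the commit message itself gives Linux 3.7 and iptables 1.4.17 as the minimum. Please either point to where table availability is checked before "delegate_prerouting" and "delegate_postrouting" are created for IPv6, or add that check, so reviewers can confirm that a reload on an older system still produces a complete ruleset.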
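Review bot: in zones.c, fw3_load_zones(), the `if (zone->masq)` branch now also runs `setbit(zone->flags[1], FW3_FLAG_SNAT);`, which, reading flags[1] as the IPv6 flag set from the context of this patch, means every existing zone with masq enabled gains IPv6 source NAT on upgrade without any configuration change. That is a behaviour change for deployed configurations and the commit message does not mention it. Consider gating the flags[1] bit on an explicit opt-in option for IPv6 masquerading rather than reusing masq, and describe the change in the commit message.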
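Review bot: in zones.c, fw3_load_zones(), the `if (zone->custom_chains)` branch now interleaves four setbit() calls across flags[0] and flags[1] for FW3_FLAG_SNAT and FW3_FLAG_DNAT, and the masq branch above repeats the same pairing. A small helper or a loop over both flag sets would keep the two families from drifting apart the next time one of these lines is edited. A short comment stating which index is which address family would also help readers of this function.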