| Message ID | 1593614640-14555-1-git-send-email-alin.nastac@gmail.com |
|---|---|
| State | Needs Review / ACK |
| Headers | show
Return-Path: <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=wuZK3/hE; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=RQGIs1fK; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49xkZl01jwz9sQt for <incoming@patchwork.ozlabs.org>; Thu, 2 Jul 2020 00:46:54 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:MIME-Version:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Message-Id:Date:Subject:To:From:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=F5RtLP7d/VEzoBV0f9Jh+J5xwj9Lc55GP+rpqkXuOLk=; b=wuZK3/hEt18qd0NJP64isaEa9Y o+XwvuuTP+lWrNFv9uaTq/X/EejYMxJTxtGzDvE1Rt1nbnkJxacX+CFmeeNWSwkz/UEMmgZsVNn+m kQzaRxUsyOjycMsY85bRfB6HEb4jYPDk17nJTNMFn9kO2tdE9tYIx3j29DgwZ52uWyEbhhb6g+qOH 9phWH3AKlBZSI9TdaBfV3NGY8u+K7kHVssrKJGjK72nlJ3lajTZNFLKGX01qyUgOUxuOztB/bcKHD IVJ8eDcGt12p9YoPbOv3y/jDfg2r6md0el56HowQXtCpMzdrrcV+6LfYKBJogPyulJCLDpOJv6ePv URmLiZrw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jqdyB-00035M-99; Wed, 01 Jul 2020 14:44:15 +0000 Received: from mail-pj1-x1043.google.com ([2607:f8b0:4864:20::1043]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jqdy9-000354-2Z for openwrt-devel@lists.openwrt.org; Wed, 01 Jul 2020 14:44:13 +0000 Received: by mail-pj1-x1043.google.com with SMTP id u8so10765777pje.4 for <openwrt-devel@lists.openwrt.org>; Wed, 01 Jul 2020 07:44:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id; bh=PX7EKHPO4VaEn3ae66PV5kc8zr/kdolz8y3dj3S8QfE=; b=RQGIs1fKuh8w/8uI/JDtOvpb4VmyQa7I2HZl237aoTw4uhKTvv5g0hf5te5L3Tb76V oJbzrOW2uXLkrCmnJ3l9jaBaajbAEuvRlC/01pi7AjdPi/A28LZo99wlctU+1j065Emz R59MJo6nuePzft8VveHba6XQLsfW2NybyRcgGXaLV+wMQDAn0XB6HYdxSbuJ+EG8n/wH CosQZlfq3J8XIhTvrJ1uJYXbhv8GHKfnVDMsSJTFwwWdtDzwvG9WbjVRsKKtz4kaVKKY L26lmXpg+SHa2LWXpoOU8mo6RD0uqlWvGpqjpGoq68kmuwBEEaHTFl8LuWRsD2SAgtva 29yg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=PX7EKHPO4VaEn3ae66PV5kc8zr/kdolz8y3dj3S8QfE=; b=TskEVvTXtiJaZ7Ok00/5lkAToR1pjO/b8ptah53etaTnt5Zi7uL/JOCeul7F5yRk88 xhnLzpSbidFcugAQM09dpe7DVeJ0jQJDuJBI27Md/QjhPsyy8H2uhEg7VrVmR1S39umD +XWHEQk3FTCfUk0kIV3erUF3K+q7fmGhcAw6Hdy5s2rCsQW+vhn3IcwvMib2gVx4eWkI EnnerlRp2KxnQTsDnzy+CK+v+TbJo3cg+QaRfycC0UK6YuixWRvwsgYB6wSBVPJfbcQo JDPJTrjzWJu0ZodNmGqgnyVNP/QQtoQfbyodseHQ+jQSAcjSNfWaiM96YwTEwHvFjt9P zj/g== X-Gm-Message-State: AOAM531fhvEFzHGXVG3c38yAcdly7VfZUSs6/Fzs7rclLEcj8jz+hWRc Tmjz2ANBcDOnTi7VBFcpPy565eeBr3I= X-Google-Smtp-Source: ABdhPJwiwM7OW79ywjLx8NFy6gC1JepcFsMPWapMgU834yPQQtgLr9qPPonC7GaJRFiuiNLNyWP4hw== X-Received: by 2002:a17:90a:89:: with SMTP id a9mr26092589pja.27.1593614648869; Wed, 01 Jul 2020 07:44:08 -0700 (PDT) Received: from cplx1037.edegem.eu.thmulti.com (14.125.146.82.ipv4.evonet.be. [82.146.125.14]) by smtp.gmail.com with ESMTPSA id w1sm6332230pfq.53.2020.07.01.07.44.07 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Jul 2020 07:44:08 -0700 (PDT) From: Alin Nastac <alin.nastac@gmail.com> To: Jo-Philipp Wich <jo@mein.io>, openwrt-devel@lists.openwrt.org Subject: [firewall3][PATCH] zones: limit masq_allow_invalid effect to ipv4 family Date: Wed, 1 Jul 2020 16:44:00 +0200 Message-Id: <1593614640-14555-1-git-send-email-alin.nastac@gmail.com> X-Mailer: git-send-email 2.7.4 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200701_104413_125483_030927A9 X-CRM114-Status: UNSURE ( 9.56 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1043 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [alin.nastac[at]gmail.com] -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org> List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>, <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe> List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/> List-Post: <mailto:openwrt-devel@lists.openwrt.org> List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help> List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>, <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org> Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org |
| Series |
[firewall3] zones: limit masq_allow_invalid effect to ipv4 family
|
expand
|
diff --git a/zones.c b/zones.c index 68b02ab..dbf23dc 100644 --- a/zones.c +++ b/zones.c @@ -501,7 +501,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state, if (has(zone->flags, handle->family, t)) { - if (t == FW3_FLAG_ACCEPT && + if (t == FW3_FLAG_ACCEPT && handle->family == FW3_FAMILY_V4 && zone->masq && !zone->masq_allow_invalid) { r = fw3_ipt_rule_create(handle, NULL, NULL, dev, NULL, sub);
Preventing NAT leakage on ipv6 doesn't make sense, as all other masq* options have effect only on ipv4. Signed-off-by: Alin Nastac <alin.nastac@gmail.com> --- zones.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)