aredn/files/etc/firewall.natmode


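# This script is run when the node is in NAT mode to
# set up the additional firewall rules needed for NAT,
# allowing all other traffic to transport as is.
#
# Side effects: replaces ip rule pref 20010 (fwmark 0x15 -> table 29),
# prepends two mark rules to fw4 mangle_prerouting, and appends one rule each
# to fw4 helper_lan and fw4 srcnat. Exits 1 with a message on stderr if either
# node address cannot be read from UCI.
#
# Assumes the script is executed, not sourced; `exit` below would otherwise
# terminate the caller.
dtdlinkip=$(uci -q get network.dtdlink.ipaddr)
wifiip=$(uci -q get network.wifi.ipaddr)
# With `uci -q` a missing option yields an empty string. Unquoted, that
# expansion simply disappears from the nft command line, so the daddr match
# would be malformed and the mark rule silently never installed -- fail early
# instead of leaving NAT-mode routing half configured.
if [ -z "$dtdlinkip" ] || [ -z "$wifiip" ]; then
  printf '%s\n' "firewall.natmode: network.dtdlink.ipaddr or network.wifi.ipaddr is not set" >&2
  exit 1
fi
# Policy route for traffic tagged 0x15; remove any stale copy first so a
# re-run does not stack a duplicate rule (the del is expected to fail on
# first run, hence the silenced output).
ip rule del pref 20010 fwmark 0x15 lookup 29 > /dev/null 2>&1
ip rule add pref 20010 fwmark 0x15 lookup 29
# Tag traffic addressed to this node's wifi/dtdlink addresses for the ip rule above.
nft insert rule ip fw4 mangle_prerouting ip daddr "$wifiip" meta mark set 0x15
nft insert rule ip fw4 mangle_prerouting ip daddr "$dtdlinkip" meta mark set 0x15
# Mark and masq local traffic going out the dtdlink interface.
nft add rule ip fw4 helper_lan meta mark set 0xe
# NOTE(review): the repeated `mark 0xe` match is kept verbatim from the original
# rule; it looks redundant rather than wrong -- confirm before simplifying.
nft add rule ip fw4 srcnat mark 0xe mark 0xe masquerade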