fix: output from vrf dont goto zone

Daniel Ding
2024-01-11 20:17:32 +08:00
parent 64866cb4da
commit 6283f49713


@@ -677,6 +677,7 @@ func (w *WorkerImpl) forwardZone(input string) {
if w.table == 0 { if w.table == 0 {
return return
} }
w.out.Debug("WorkerImpl.forwardZone %s", input) w.out.Debug("WorkerImpl.forwardZone %s", input)
w.fire.Raw.Pre.AddRule(cn.IPRule{ w.fire.Raw.Pre.AddRule(cn.IPRule{
Input: input, Input: input,
@@ -690,6 +691,12 @@ func (w *WorkerImpl) forwardZone(input string) {
Zone: uint32(w.table), Zone: uint32(w.table),
Comment: "Goto private zone", Comment: "Goto private zone",
}) })
w.fire.Raw.Out.AddRule(cn.IPRule{
Output: input,
Jump: cn.CCT,
Zone: uint32(w.table),
Comment: "Goto private zone",
})
} }
func (w *WorkerImpl) forwardVPN() { func (w *WorkerImpl) forwardVPN() {
@@ -699,9 +706,6 @@ func (w *WorkerImpl) forwardVPN() {
} }
devName := vpn.Device devName := vpn.Device
w.forwardZone(devName)
_, port := libol.GetHostPort(vpn.Listen) _, port := libol.GetHostPort(vpn.Listen)
if vpn.Protocol == "udp" { if vpn.Protocol == "udp" {
w.openPort("udp", port, "Open VPN") w.openPort("udp", port, "Open VPN")
@@ -709,6 +713,8 @@ func (w *WorkerImpl) forwardVPN() {
w.openPort("tcp", port, "Open VPN") w.openPort("tcp", port, "Open VPN")
} }
w.forwardZone(devName)
// Enable MASQUERADE, and FORWARD it. // Enable MASQUERADE, and FORWARD it.
w.toRelated(devName, "Accept related") w.toRelated(devName, "Accept related")
w.toACL(cfg.Acl, devName) w.toACL(cfg.Acl, devName)
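Review bot: The rule added to `w.fire.Raw.Out` in forwardZone carries the same comment as the existing `w.fire.Raw.Pre` rule, so the two cannot be told apart by comment when the raw table is listed or audited; `Comment: "Goto private zone (output)"` on the new rule would separate them. The parameter is still named `input` although it now also fills the `Output:` field, so a neutral name such as `device` would read more accurately. A short doc comment on forwardZone would help too, saying that traffic arriving on the device and traffic generated locally towards it are both placed in conntrack zone `uint32(w.table)`. The reason is presumably that state matching must see both directions of a flow in the same zone, which is worth confirming against how `cn.CCT` is rendered. The function's signature and the opening of its first rule lie outside the visible hunks.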