fix: output from vrf dont goto zone

Daniel Ding
2024-01-11 20:17:32 +08:00
parent 64866cb4da
commit 6283f49713


@@ -677,6 +677,7 @@ func (w *WorkerImpl) forwardZone(input string) {
if w.table == 0 {
return
}
w.out.Debug("WorkerImpl.forwardZone %s", input)
w.fire.Raw.Pre.AddRule(cn.IPRule{
Input: input,
@@ -690,6 +691,12 @@ func (w *WorkerImpl) forwardZone(input string) {
Zone: uint32(w.table),
Comment: "Goto private zone",
})
w.fire.Raw.Out.AddRule(cn.IPRule{
Output: input,
Jump: cn.CCT,
Zone: uint32(w.table),
Comment: "Goto private zone",
})
}
func (w *WorkerImpl) forwardVPN() {
@@ -699,9 +706,6 @@ func (w *WorkerImpl) forwardVPN() {
}
devName := vpn.Device
w.forwardZone(devName)
_, port := libol.GetHostPort(vpn.Listen)
if vpn.Protocol == "udp" {
w.openPort("udp", port, "Open VPN")
@@ -709,6 +713,8 @@ func (w *WorkerImpl) forwardVPN() {
w.openPort("tcp", port, "Open VPN")
}
w.forwardZone(devName)
// Enable MASQUERADE, and FORWARD it.
w.toRelated(devName, "Accept related")
w.toACL(cfg.Acl, devName)
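Review bot: The new `w.fire.Raw.Out.AddRule` entry in forwardZone sets `Output: input`, so the parameter name `input` now reads as the opposite of how it is used, and both rules carry the same `Comment: "Goto private zone"`, which makes the Raw.Pre and Raw.Out entries indistinguishable when the installed ruleset is audited. Renaming the parameter to something neutral such as `device` and giving the second rule `Comment: "Goto private zone (output)"` would keep the zone assignment readable. A short doc comment would also help, for example `// forwardZone assigns zone w.table to traffic received on and sent out of the given device.`; that wording is inferred from the two rules, since the start of forwardZone lies outside the hunk.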