forked from freifunk-franken/firmware
Fabian Bläse
157fa4eac5
Include nftables and appropriate modules.
Translate ip- and ebtables rules to their nftables counterparts.
Remove ip/ebtables and modules.

This change intentionally tries to keep structural changes at a minimum to keep the rule translation comprehensible.

kmod-nft-bridge is not required for fff-node, because it was merged into a single kernel module since Linux 4.17:
[1] 02c7b25e5f
[2] fbaf48387e

Fixes: #252
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Co-authored-by: Johannes Kimmel <fff@bareminimum.eu>
11 lines
514 B
Plaintext
# Source-NAT client traffic only when enabled in UCI.
if [ "$(uci -q get network.client.fff_snat)" = '1' ]; then
	nft add table ip mangle
	nft add chain ip mangle PREROUTING '{ type filter hook prerouting priority mangle; policy accept; }'

	nft add table ip nat
	nft add chain ip nat POSTROUTING '{ type nat hook postrouting priority srcnat; policy accept; }'

	# Mark packets arriving on the client bridge (0x736e6174 is ASCII "snat") ...
	nft add rule ip mangle PREROUTING iifname "br-client" counter mark set 0x736e6174
	# ... and rewrite the source address of marked packets on the way out.
	nft add rule ip nat POSTROUTING meta mark 0x736e6174 counter snat ip to "$(uci -q get network.client.fff_snat_sourceip)"
fi
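Added example, not code from this repository: the script above interpolates the UCI value into the last of several separate `nft` calls, so an empty or malformed `fff_snat_sourceip` leaves client packets marked with no SNAT rule behind them. The variant below checks the address first and emits the same rules as one ruleset for an atomic `nft -f -` load; the function names `is_ipv4` and `snat_ruleset` and the sample address are assumptions.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of the firmware.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
	case "$1" in
		''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, foreign chars, empty octet
	esac
	rest="$1."
	count=0
	while [ -n "$rest" ]; do
		octet=${rest%%.*}
		rest=${rest#*.}
		count=$((count + 1))
		[ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
	done
	[ "$count" -eq 4 ]
}

# Print the mangle and nat rules as one ruleset, so that nft applies
# all of it or none of it. Refuses anything that is not an IPv4 address.
snat_ruleset() {
	is_ipv4 "$1" || { echo "invalid fff_snat_sourceip: '$1'" >&2; return 1; }
	cat <<EOF
table ip mangle {
	chain PREROUTING {
		type filter hook prerouting priority mangle; policy accept;
		iifname "br-client" counter mark set 0x736e6174
	}
}
table ip nat {
	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
		meta mark 0x736e6174 counter snat ip to $1
	}
}
EOF
}

# On the router (needs uci and nft, so it is left commented out here):
#   rules=$(snat_ruleset "$(uci -q get network.client.fff_snat_sourceip)") \
#       && printf '%s\n' "$rules" | nft -f -

# Offline demonstration with a constructed documentation address.
snat_ruleset 192.0.2.1
```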