Description
If I have, for instance, a redirect section such as:
# port redirect of remapped ssh port (22001) on wan
config redirect
option src wan
option src_dport 22001
option dest lan
option dest_port 22
option proto tcp
(one of the canned rules enabled), it is useful to be able to distinguish between a connection directly to port 22 and a remapped connection to port 22. In my case, I TARPIT connections to port 22 but only if they're not redirected from 22001. Similarly, I might want to log connections differently depending on which external port they arrived on.
One way this could be implemented is marking a bit (say 0x400 so as to not conflict with mwan3) before any of the redirects happen in zone_wan_prerouting rules, then as the last rule in that section, clear that bit.
Should be a two line change to the rule synthesis:
(1) mark the bit as the second rule in zone_wan_prerouting;
(2) clear the bit as the last rule in zone_wan_prerouting;
so that if we reach the bottom of zone_wan_prerouting, then no redirects have happened and we can unmark the packet.
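The rule order proposed above, sketched as a small POSIX shell script that only prints the iptables commands it would run (an added illustration, not firewall3's own rule synthesis). The 0x400 bit follows the suggestion in the issue; the LAN addresses, the redirect specs and the choice of zone_wan_forward as the chain where the mark is checked are assumptions for the example. Because DNAT is a terminating target, a packet that matches a redirect never reaches the final "clear" rule and keeps the bit; a packet that matches nothing is unmarked at the bottom of the chain, which is exactly the distinction the issue asks for.

```shell
#!/bin/sh
# Added example: emit the nat PREROUTING rules for the proposed mark/clear
# scheme and the filter rules that consume the mark. Nothing is applied;
# each rule is printed so the order can be inspected (or piped to sh).

MARK_BIT=0x400            # bit suggested in the issue to stay clear of mwan3
CHAIN=zone_wan_prerouting  # firewall3's per-zone nat chain for wan

# synth_wan_prerouting PROTO:SRC_DPORT:DEST_IP:DEST_PORT ...
#   rule 1: set the bit on every packet entering the chain
#   rules 2..n: one DNAT per redirect (terminating, so the bit survives)
#   last rule: clear the bit; only reached when no redirect matched
synth_wan_prerouting() {
    echo "iptables -t nat -A $CHAIN -j MARK --set-xmark $MARK_BIT/$MARK_BIT"
    for spec in "$@"; do
        proto=${spec%%:*}; rest=${spec#*:}
        sport=${rest%%:*}; rest=${rest#*:}
        dip=${rest%%:*};   dport=${rest#*:}
        echo "iptables -t nat -A $CHAIN -p $proto --dport $sport" \
             "-j DNAT --to-destination $dip:$dport"
    done
    echo "iptables -t nat -A $CHAIN -j MARK --set-xmark 0/$MARK_BIT"
}

# synth_ssh_policy: consume the bit in the forward path (assumed chain).
#   marked   = arrived via a redirect, log with its own prefix
#   unmarked = arrived directly on port 22, hand to TARPIT (xtables-addons)
synth_ssh_policy() {
    echo "iptables -A zone_wan_forward -p tcp --dport 22" \
         "-m mark --mark $MARK_BIT/$MARK_BIT -j LOG --log-prefix 'ssh-remapped: '"
    echo "iptables -A zone_wan_forward -p tcp --dport 22" \
         "-m mark ! --mark $MARK_BIT/$MARK_BIT -j TARPIT"
}

# Constructed redirect list: the issue's 22001->22 remap plus a second one
# to show that the clear rule always lands last regardless of count.
synth_wan_prerouting tcp:22001:192.168.1.10:22 tcp:8080:192.168.1.20:80
synth_ssh_policy
```

One caveat worth keeping in mind when turning this into real rules: only the first packet of a connection traverses the nat table, so the packet mark set here exists on that packet alone. That is enough for a TARPIT or LOG decision made on the SYN, but if later packets of the same connection must be told apart, the bit has to be copied into the conntrack mark (CONNMARK --save-mark) and restored on subsequent packets.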