mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-27 01:53:27 +01:00
The real fix for Makeitso's problem
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9548 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
f801c7cbfc
commit
00afd5b142
@ -2273,8 +2273,7 @@ sub expand_rule( $$$$$$$$$$$ )
|
||||
if ( $dest ) {
|
||||
if ( $dest eq '-' ) {
|
||||
$dest = '';
|
||||
} elsif ( $restriction & PREROUTE_RESTRICT ) {
|
||||
if ( $dest =~ /^detect:(.*)$/ ) {
|
||||
} elsif ( ( $restriction & PREROUTE_RESTRICT ) && $dest =~ /^detect:(.*)$/ ) {
|
||||
#
|
||||
# DETECT_DNAT_IPADDRS=Yes and we're generating the nat rule
|
||||
#
|
||||
@ -2304,9 +2303,6 @@ sub expand_rule( $$$$$$$$$$$ )
|
||||
}
|
||||
|
||||
$dest = '';
|
||||
} else {
|
||||
fatal_error "A DESTINATION interface may not be specified in this rule";
|
||||
}
|
||||
} elsif ( $family == F_IPV4 ) {
|
||||
if ( $dest =~ /^(.+?):(.+)$/ ) {
|
||||
$diface = $1;
|
||||
@ -2344,6 +2340,7 @@ sub expand_rule( $$$$$$$$$$$ )
|
||||
#
|
||||
# ADDRESS 'detect' in the masq file.
|
||||
#
|
||||
fatal_error "A DEST interface may not be specified in this rule" unless $chainref->{table} eq 'nat';
|
||||
fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface );
|
||||
push_command( $chainref , 'for dest in ' . get_interface_addresses( $diface) . '; do', 'done' );
|
||||
$rule .= '-d $dest ';
|
||||
@ -2482,8 +2479,8 @@ sub expand_rule( $$$$$$$$$$$ )
|
||||
$dnets = ALLIP unless $dnets;
|
||||
$onets = ALLIP unless $onets;
|
||||
|
||||
fatal_error "Input interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && $inets ne ALLIP;
|
||||
fatal_error "Output interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && $dnets ne ALLIP;
|
||||
fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && $inets ne ALLIP;
|
||||
fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && $dnets ne ALLIP;
|
||||
|
||||
if ( $iexcl || $dexcl || $oexcl ) {
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user