Fix SNAT handling in DNAT rules

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@869 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-20 09:47:51 +02:00 · 2003-12-16 21:52:37 +00:00 · 2003-12-16 21:52:37 +00:00 · 0c6299465d
commit 0c6299465d
parent ae440fc19e
3 changed files with 9 additions and 8 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -15,3 +15,5 @@ Changes since 1.4.8
 7) Added MODULE_SUFFIX option to shorewall.conf.

 8) Add /etc/shorewall/actions and /etc/shorewall/action.template
+
+9) Fix SNAT handling in DNAT rules.
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -3067,9 +3067,11 @@ process_rule() # $1 = target
    source=$clientzone

    if [ $source = $FW ]; then
-	source_hosts= || eval source_hosts=\"\$${source}_hosts\"
+	source_hosts=
    elif [ -n "$userset" ]; then
 	fatal_error "Invalid use of a user set: rule \"$rule\""
+    else
+	eval source_hosts=\"\$${source}_hosts\"
    fi

    if [ "$servers" = "${servers%:*}" ] ; then
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -16,6 +16,10 @@ Problems Corrected since version 1.4.8:
   rules now simply skips those (SOURCE,DEST) pairs that have a NONE
   policy.

+4) DNAT rules that also specified SNAT now work reliably. Previously,
+   there were cases where the SNAT specification was effectively
+   ignored. 
+
 Migration Issues:

 None.
@ -76,10 +80,3 @@ New Features:

 	LOG:info
 	ACCEPT
-
-
-
-	    
-
-
-