From 3f550622bdf311d2c73e2c715d2592d6d1de365f Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 26 Nov 2012 07:51:55 -0800
Subject: [PATCH] Only use routing table for OUTPUT interface in the raw table.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index dbffc54e0..2260c5a9e 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -6070,7 +6070,7 @@ sub verify_dest_interface( $$$$ ) {
 
     fatal_error "Unknown Interface ($diface)" unless known_interface $diface;
 
-    if ( $restriction & ( PREROUTE_RESTRICT | OUTPUT_RESTRICT ) ) {
+    if ( ( $restriction & PREROUTE_RESTRICT ) || ( $chainref->{table} eq 'raw' && ( $restriction & OUTPUT_RESTRICT ) ) ) {
 	#
 	# Dest interface -- must use routing table
 	#