From 4d77d673e89da1c1f21be3e578aa9ce145ef7dab Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Fri, 28 Oct 2016 09:30:17 -0700
Subject: [PATCH] Be sure NAT is enabled before processing an snat file

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Rules.pm | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 7bdc6f54a..68aa11952 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -5755,11 +5755,10 @@ sub setup_snat( $ ) # Convert masq->snat if true
     convert_masq() if $_[0];
 
     if ( $fn = open_file( 'masq', 1, 1 ) ) {
-
 	first_entry( sub { progress_message2 "$doing $fn..."; require_capability 'NAT_ENABLED' , "a non-empty masq file" , 's'; } );
-
 	process_one_masq(0) while read_a_line( NORMAL_READ );
     } elsif ( $fn = open_file( 'snat', 1, 1 ) ) {
+	first_entry( sub { progress_message2 "$doing $fn..."; require_capability 'NAT_ENABLED' , "a non-empty snat file" , 's'; } );
 	process_snat while read_a_line( NORMAL_READ );
     }
 }