Don't allow a source interface in a DNAT/REDIRECT rule with source == firewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
691a9bf793
commit
542f279544
@ -632,12 +632,13 @@ sub handle_nat_rule( $$$$$$$$$$$$ ) {
|
||||
#
|
||||
# And generate the nat table rule(s)
|
||||
#
|
||||
my $firewallsource = $sourceref && ( $sourceref->{type} & ( FIREWALL | VSERVER ) );
|
||||
|
||||
expand_rule ( ensure_chain ('nat' ,
|
||||
( $action_chain ?
|
||||
$action_chain :
|
||||
( $sourceref->{type} == FIREWALL ? 'OUTPUT' :
|
||||
dnat_chain $sourceref->{name} ) ) ),
|
||||
PREROUTE_RESTRICT ,
|
||||
( $action_chain ? $action_chain :
|
||||
$firewallsource ? 'OUTPUT' :
|
||||
dnat_chain $sourceref->{name} ) ) ,
|
||||
$firewallsource ? OUTPUT_RESTRICT : PREROUTE_RESTRICT ,
|
||||
$rule ,
|
||||
$source ,
|
||||
$origdest ,
|
||||
|
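Review bot: The `$sourceref &&` guard on the new `$firewallsource` assignment implies `$sourceref` can be undefined, yet the last arm of the chain selection still evaluates `dnat_chain $sourceref->{name}` whenever neither `$action_chain` nor `$firewallsource` is true, so an undefined source would presumably hand `dnat_chain` an undefined zone name instead of failing with a clear error. If `$sourceref` can only be undefined when `$action_chain` is set, record that above the assignment, e.g. `# $sourceref may be undefined only inside an action chain; firewall and vserver sources get OUTPUT_RESTRICT`. The test also changes from `== FIREWALL` to a bitmask against `FIREWALL | VSERVER`, which is only correct if the zone type constants are distinct single-bit flags (their definitions are not visible here), and the commit title mentions the firewall but not vserver zones. The body of handle_nat_rule and the rest of the expand_rule argument list lie outside this hunk.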