Fix handling or ORIGINAL DEST when CONNTRACK_MATCH is not available

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-06-14 21:56:52 +02:00 · 2011-08-10 07:12:13 -07:00 · 2011-08-10 07:12:13 -07:00 · 8eff66dcfd
commit 8eff66dcfd
parent c923dfdade
1 changed files with 2 additions and 2 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -4786,7 +4786,7 @@ sub expand_rule( $$$$$$$$$$;$ )
    if ( $origdest ) {
 	if ( $origdest eq '-' || ! have_capability( 'CONNTRACK_MATCH' ) ) {
-	    $origdest = '';
+	    $onets = $oexcl = '';
 	} elsif ( $origdest =~ /^detect:(.*)$/ ) {
 	    #
 	    # Either the filter part of a DNAT rule or 'detect' was given in the ORIG DEST column
@ -4816,7 +4816,7 @@ sub expand_rule( $$$$$$$$$$;$ )
 		$rule .= "-m conntrack --ctorigdst $variable ";
 	    }
-	    $origdest = '';
+	    $onets = $oexcl = '';
 	} else {
 	    fatal_error "Invalid ORIGINAL DEST" if  $origdest =~ /^([^!]+)?,!([^!]+)$/ || $origdest =~ /.*!.*!/;