From ab496987e0d9ba86f7fa0b7f656d12feadf7d210 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 18 Oct 2016 15:32:05 -0700
Subject: [PATCH] Prevent 'nat' and 'mangle' being specified together

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Rules.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index a4b4239f8..db7031e50 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2258,7 +2258,11 @@ sub process_actions() {
 		fatal_error "The 'raw' table may not be specified for non-builtin actions" if $opts & RAW_OPT;
 
 		$type |= MANGLE_TABLE if $opts & MANGLE_OPT;
-		$type |= NAT_TABLE    if $opts & NAT_OPT;
+		
+		if ( $opts & NAT_OPT ) {
+		    fatal_error q(The 'mangle' and 'nat' options are mutually exclusive) if $opts & MANGLE_OPT;
+		    $type |= NAT_TABLE;
+		}
 
 		my $actionfile = find_file( "action.$action" );