First stage of DETECT_DNAT_ADDRS

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5643 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

New/Shorewall/Rules.pm

@@ -885,7 +885,6 @@ sub process_rule1 ( $$$$$$$$$ ) {
     #
     $rule = do_proto $proto, $ports, $sports . do_ratelimit( $ratelimit ) . ( do_user $user );
 
-    $origdest = ALLIPv4 unless $origdest and $origdest ne '-';
     #
     # Generate NAT rule(s), if any
     #
@@ -931,6 +930,13 @@ sub process_rule1 ( $$$$$$$$$ ) {
 	    $target = '-j REDIRECT --to-port ' . ( $serverport ? $serverport : $ports );
 	}
 
+	unless ( $origdest and $origdest ne '-' ) {
+	    if ( $config{DETECT_DNAT_ADDRS} ) {
+		$origdest = 'detect';
+	    } else {
+		origdest = ALLIPv4;
+	    }
+	}
 	#
 	# And generate the nat table rule(s)
 	#
@@ -952,23 +958,27 @@ sub process_rule1 ( $$$$$$$$$ ) {
 	    $rule = do_proto $proto, $ports, $sports . do_ratelimit( $ratelimit ) . do_user $user;
 	    $loglevel = '';
 	}
-    } elsif ( $actiontype & NONAT ) {
+    } else {
-	#
+	$origdest = ALLIPv4 unless $origdest and $origdest ne '-';
-	# NONAT or ACCEPT+ -- May not specify a destination interface
-	#
-	fatal_error "Invalid DEST ($dest) in $action rule \"$line\"" if $dest =~ /:/;
 
-	expand_rule
+	if ( $actiontype & NONAT ) {
-	    ensure_chain ('nat' , $zones{$sourcezone}{type} eq 'firewall' ? 'OUTPUT' : dnat_chain $sourcezone) ,
+	    #
-	    PREROUTE_RESTRICT ,
+	    # NONAT or ACCEPT+ -- May not specify a destination interface
-	    $rule ,
+	    #
-	    $source ,
+	    fatal_error "Invalid DEST ($dest) in $action rule \"$line\"" if $dest =~ /:/;
-	    $dest ,
+	    
-	    '' ,
+	    expand_rule
-	    '-j RETURN ' ,
+		ensure_chain ('nat' , $zones{$sourcezone}{type} eq 'firewall' ? 'OUTPUT' : dnat_chain $sourcezone) ,
-	    $loglevel ,
+		PREROUTE_RESTRICT ,
-	    $action ,
+		$rule ,
-	    '';
+		$source ,
+		$dest ,
+		'' ,
+		'-j RETURN ' ,
+		$loglevel ,
+		$action ,
+		'';
+	}
     }
     #
     # Add filter table rule, unless this is a NATONLY rule type