extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 09:47:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix additional masq/snat issues.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-11-01 18:42:16 -07:00
parent 6e08717089
commit e188bde6c4
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall/Perl/Shorewall/Nat.pm
View File

@ -286,8 +286,14 @@ sub process_one_masq1( $$$$$$$$$$$$ )
} else { } else {
validate_address $ipaddr, 0; validate_address $ipaddr, 0;
} }
validate_portpair1( $proto, $rest ) if supplied $rest;
$addrlist .= "--to-source $ipaddr "; if ( supplied $rest ) {
validate_portpair1( $proto, $rest );
$addrlist .= "--to-source $addr ";
} else {
$addrlist .= "--to-source $ipaddr";
}
$exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/; $exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/;
} else { } else {
my $ports = $addr; my $ports = $addr;
@ -399,7 +405,11 @@ sub process_one_masq1( $$$$$$$$$$$$ )
if ( $snat ) { if ( $snat ) {
$target =~ s/ .*//; $target =~ s/ .*//;
$target .= '+' if $pre_nat; $target .= '+' if $pre_nat;
$target .= '(' . $addresses . ')' if $addresses ne '-' && $addresses ne 'NONAT';
if ( $addresses ne '-' && $addresses ne 'NONAT' ) {
$addresses =~ s/^://;
$target .= '(' . $addresses . ')';
}
my $line = "$target\t$networks\t$savelist\t$proto\t$ports\t$ipsec\t$mark\t$user\t$condition\t$origdest\t$probability"; my $line = "$target\t$networks\t$savelist\t$proto\t$ports\t$ipsec\t$mark\t$user\t$condition\t$origdest\t$probability";
# #

10
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -5559,8 +5559,14 @@ sub process_snat1( $$$$$$$$$$$$ ) {
} else { } else {
validate_address $ipaddr, 0; validate_address $ipaddr, 0;
} }
validate_portpair1( $proto, $rest ) if supplied $rest;
$addrlist .= " --to-source $ipaddr"; if ( supplied $rest ) {
validate_portpair1( $proto, $rest );
$addrlist .= " --to-source $addr";
} else {
$addrlist .= " --to-source $ipaddr";
}
$exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/; $exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/;
} else { } else {
my $ports = $addr; my $ports = $addr;