From fb3477b8b5201df829a0c66bfa7be36948a20876 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 5 Nov 2009 13:40:03 -0800 Subject: [PATCH] A couple of additional tweaks to the two-bridge fix --- Shorewall/Perl/Shorewall/Rules.pm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 6b6634bd4..2099b3423 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -1324,7 +1324,7 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) { # Static NAT is defined on this interface # $chn = new_chain( 'nat', newnonatchain ) unless $chn; - add_jump $chn, $nat_table->{$ichain}, 0, @interfaces > 1 ? "-i $_ " : ''; + add_jump $chn, $nat_table->{$ichain}, 0, @interfaces > 1 ? match_source_dev( $_ ) : ''; } } @@ -2127,10 +2127,10 @@ sub setup_mss( ) { my $mssmatch = $capabilities{TCPMSS_MATCH} ? "-m tcpmss --mss $mss: " : ''; my $source = match_source_dev $_; my $dest = match_dest_dev $_; - add_rule $chainref, "$dest -p tcp --tcp-flags SYN,RST SYN ${mssmatch}${out_match}-j TCPMSS --set-mss $mss"; - add_rule $chainref, "$dest -j RETURN" if $clampmss; - add_rule $chainref, "$source -p tcp --tcp-flags SYN,RST SYN ${mssmatch}${in_match}-j TCPMSS --set-mss $mss"; - add_rule $chainref, "$source -j RETURN" if $clampmss; + add_rule $chainref, "${dest}-p tcp --tcp-flags SYN,RST SYN ${mssmatch}${out_match}-j TCPMSS --set-mss $mss"; + add_rule $chainref, "${dest}-j RETURN" if $clampmss; + add_rule $chainref, "${source}-p tcp --tcp-flags SYN,RST SYN ${mssmatch}${in_match}-j TCPMSS --set-mss $mss"; + add_rule $chainref, "${source}-j RETURN" if $clampmss; } }