Ensure that the 1:1 NAT chain jumps always come last in PREROUTING.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-09-26 15:46:52 -07:00
parent bac0f36818
commit ffcf262de4

View File

@ -1530,10 +1530,6 @@ sub add_interface_jumps {
addnatjump 'POSTROUTING' , snat_chain( $interface ), imatch_dest_dev( $interface );
}
addnatjump 'PREROUTING' , 'nat_in';
addnatjump 'POSTROUTING' , 'nat_out';
addnatjump 'PREROUTING', 'dnat';
for my $interface ( @interfaces ) {
addnatjump 'PREROUTING' , input_chain( $interface ) , imatch_source_dev( $interface );
addnatjump 'POSTROUTING' , output_chain( $interface ) , imatch_dest_dev( $interface );
@ -2236,6 +2232,11 @@ sub generate_matrix() {
} # Source Zone Loop
progress_message ' Finishing matrix...';
#
# Make sure that the 1:1 NAT jumps are last in PREROUTING
#
addnatjump 'PREROUTING' , 'nat_in';
addnatjump 'POSTROUTING' , 'nat_out';
add_interface_jumps @interfaces unless $interface_jumps_added;