From 0e4698d57c89ef26bb40488353230c327c887289 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 26 Apr 2010 16:19:58 -0700 Subject: [PATCH] Fix rare optimization bug Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Nat.pm | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm index ac93bac2f..7b6849990 100644 --- a/Shorewall/Perl/Shorewall/Nat.pm +++ b/Shorewall/Perl/Shorewall/Nat.pm @@ -456,7 +456,7 @@ sub setup_netmap() { my $ruleout = ''; my $iface = $interface; - fatal_error "Unknown interface ($interface)" unless my $interfaceref = find_interface( $interface ); + fatal_error "Unknown interface ($interface)" unless my $interfaceref = known_interface( $interface ); unless ( $interfaceref->{root} ) { $rulein = match_source_dev $interface; @@ -465,9 +465,13 @@ sub setup_netmap() { } if ( $type eq 'DNAT' ) { - add_rule ensure_chain( 'nat' , input_chain $interface ) , $rulein . "-d $net1 -j NETMAP --to $net2"; + my $chainref = ensure_chain( 'nat' , input_chain $interface ); + dont_optimize $chainref unless $interfaceref->{root}; + add_rule $chainref , $rulein . "-d $net1 -j NETMAP --to $net2"; } elsif ( $type eq 'SNAT' ) { - add_rule ensure_chain( 'nat' , output_chain $interface ) , $ruleout . "-s $net1 -j NETMAP --to $net2"; + my $chainref = ensure_chain( 'nat' , output_chain $interface ); + dont_optimize $chainref unless $interfaceref->{root}; + add_rule $chainref , $ruleout . "-s $net1 -j NETMAP --to $net2"; } else { fatal_error "Invalid type ($type)"; }