holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix rare optimization bug

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-04-26 16:19:58 -07:00
parent 6e04c7eec8
commit 0e4698d57c
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall/Perl/Shorewall/Nat.pm
View File

@ -456,7 +456,7 @@ sub setup_netmap() {
my $ruleout = ''; my $ruleout = '';
my $iface = $interface; my $iface = $interface;
fatal_error "Unknown interface ($interface)" unless my $interfaceref = find_interface( $interface ); fatal_error "Unknown interface ($interface)" unless my $interfaceref = known_interface( $interface );
unless ( $interfaceref->{root} ) { unless ( $interfaceref->{root} ) {
$rulein = match_source_dev $interface; $rulein = match_source_dev $interface;
@ -465,9 +465,13 @@ sub setup_netmap() {
} }
if ( $type eq 'DNAT' ) { if ( $type eq 'DNAT' ) {
add_rule ensure_chain( 'nat' , input_chain $interface ) , $rulein . "-d $net1 -j NETMAP --to $net2"; my $chainref = ensure_chain( 'nat' , input_chain $interface );
dont_optimize $chainref unless $interfaceref->{root};
add_rule $chainref , $rulein . "-d $net1 -j NETMAP --to $net2";
} elsif ( $type eq 'SNAT' ) { } elsif ( $type eq 'SNAT' ) {
add_rule ensure_chain( 'nat' , output_chain $interface ) , $ruleout . "-s $net1 -j NETMAP --to $net2"; my $chainref = ensure_chain( 'nat' , output_chain $interface );
dont_optimize $chainref unless $interfaceref->{root};
add_rule $chainref , $ruleout . "-s $net1 -j NETMAP --to $net2";
} else { } else {
fatal_error "Invalid type ($type)"; fatal_error "Invalid type ($type)";
} }