More cleanup

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@585 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/firewall

@@ -2094,7 +2094,7 @@ add_a_rule()
 	    if [ -n "$natrule" ]; then
 		add_nat_rule
 	    elif [ -n "$addr" -a "$addr" != "$serv" ] || [ -n "$servport" -a "$servport" != "$port" ]; then
-		fatal_error "Only DNAT and REDIRECT rules may specify port mapping; rule \"$rule\""
+		fatal_error "Only DNAT and REDIRECT rules may specify destination mapping; rule \"$rule\""
 	    fi
 
 	    if [ -z "$dnat_only" -a $chain != ${FW}2${FW} ]; then
@@ -2274,18 +2274,22 @@ process_rule() # $1 = target
 
     if [ "x$chain" = x${FW}2${FW} ]; then
 	case $logtarget in
-	    REDIRECT)
+	    REDIRECT|DNAT)
+		#
+		# Redirect rules that have the firewall as the source are fw->fw rules
+		#
 		;;
 	    *)
 		error_message "WARNING: fw -> fw rules are not supported; rule \"$rule\" ignored"
 		return
 		;;
 	esac
-    fi
+    else
 
-    # Create the canonical chain if it doesn't already exist
+	# Create the canonical chain if it doesn't already exist
     
-    [ $command = check ] || ensurechain $chain
+	[ $command = check ] || ensurechain $chain
+    fi
 
     # Generate Netfilter rule(s)