From 22c614d30b8e92436ff78f5788c299ff356333b7 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Wed, 27 Feb 2013 12:48:27 -0800
Subject: [PATCH] Don't allow :persistent in a MASQUERADE rule.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Nat.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index 05c4cfb2e..7fd4c5ae0 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -308,7 +308,8 @@ sub process_one_masq1( $$$$$$$$$$ )
 
 		    $target .= $addrlist;
 		} else {
-		    require_capability( 'MASQUERADE_TGT', 'Masquerade rules', '' )  if $family == F_IPV6;
+		    fatal_error( "':persistent' is not allowed in a MASQUERADE rule" ) if $persistent;
+		    require_capability( 'MASQUERADE_TGT', 'Masquerade rules', '' )     if $family == F_IPV6;
 		}
 	    }