holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix exclusion corner case in /etc/shorewall/masq processing

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6510 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-11 13:19:15 +00:00
parent 3960e7b105
commit 41c40edcc7
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Shorewall-perl/Shorewall/Nat.pm
View File

@ -169,6 +169,7 @@ sub setup_one_masq($$$$$$$)
$rule .= do_test( $mark, 0xFF) if $mark ne '-'; $rule .= do_test( $mark, 0xFF) if $mark ne '-';
my $detectaddress = 0; my $detectaddress = 0;
my $exceptionrule = '';
# #
# Parse the ADDRESSES column # Parse the ADDRESSES column
# #
@ -202,9 +203,11 @@ sub setup_one_masq($$$$$$$)
if ( $addr =~ /^.*\..*\..*\./ ) { if ( $addr =~ /^.*\..*\..*\./ ) {
$target = '-j SNAT '; $target = '-j SNAT ';
$addrlist .= "--to-source $addr "; $addrlist .= "--to-source $addr ";
$exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/;
} else { } else {
$addr =~ s/^://; $addr =~ s/^://;
$addrlist .= "--to-ports $addr "; $addrlist .= "--to-ports $addr ";
$exceptionrule = do_proto( $proto, '', '' );
} }
} }
@ -216,7 +219,16 @@ sub setup_one_masq($$$$$$$)
# #
# And Generate the Rule(s) # And Generate the Rule(s)
# #
expand_rule $chainref , POSTROUTE_RESTRICT , $rule, $networks, $destnets, '', $target, '', '' , ''; expand_rule( $chainref ,
POSTROUTE_RESTRICT ,
$rule ,
$networks ,
$destnets ,
'' ,
$target ,
'' ,
'' ,
$exceptionrule );
if ( $detectaddress ) { if ( $detectaddress ) {
pop_cmd_mode( $chainref ); pop_cmd_mode( $chainref );