From 46f0ae548f0fb6308f91e423ece4509e57dc693d Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 13 Dec 2002 18:39:05 +0000 Subject: [PATCH] Fix FW->FW REDIRECT git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@365 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- STABLE/firewall | 42 ++++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/STABLE/firewall b/STABLE/firewall index 42ff1696d..e4d222888 100755 --- a/STABLE/firewall +++ b/STABLE/firewall @@ -849,8 +849,14 @@ validate_rule() { chain=${source}2${dest} if [ "x$chain" = x${FW}2${FW} ]; then - error_message "WARNING: fw -> fw rules are not supported; rule \"$rule\" ignored" - return + case $logtarget in + REDIRECT) + ;; + *) + error_message "WARNING: fw -> fw rules are not supported; rule \"$rule\" ignored" + return + ;; + esac fi # @@ -1966,16 +1972,18 @@ add_a_rule() add_nat_rule fi - serv="${serv:+-d $serv}" + if [ $chain != ${FW}2${FW} ]; then + serv="${serv:+-d $serv}" - [ -n "$loglevel" ] && run_iptables -A $chain $proto $multiport \ - $state $cli $sports $serv $dports -j LOG $LOGPARMS \ - --log-prefix "Shorewall:$chain:$logtarget:" \ - --log-level $loglevel - run_iptables -A $chain $proto $multiport $state $cli $sports \ - $serv $dports -j $target + [ -n "$loglevel" ] && run_iptables -A $chain $proto $multiport \ + $state $cli $sports $serv $dports -j LOG $LOGPARMS \ + --log-prefix "Shorewall:$chain:$logtarget:" \ + --log-level $loglevel + run_iptables -A $chain $proto $multiport $state $cli $sports \ + $serv $dports -j $target + fi else - + # Destination is a simple zone [ -n "$addr" ] && fatal_error \ 
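Review bot: The warning in the `*)` arm of the validate_rule hunk still says `fw -> fw rules are not supported`, which is no longer accurate once REDIRECT is let through; I would reword it to `error_message "WARNING: fw -> fw rules other than REDIRECT are not supported; rule \"$rule\" ignored"`. The empty `REDIRECT)` arm also deserves a one-line comment, for example `# fw->fw REDIRECT is allowed; every other fw->fw rule is rejected below`, so the exemption is not read as an unfinished branch. The same case block is repeated in process_rule (the `@@ -2104` hunk), so both copies should change together or be factored into one helper, otherwise validation and rule generation can drift apart on which fw->fw rules they accept. validate_rule starts and ends outside this hunk.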
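Review bot: The new guard in add_a_rule, `if [ $chain != ${FW}2${FW} ]; then`, leaves both operands unquoted, so an empty value or one containing whitespace makes `[` fail with a syntax error and the filter rules are then silently skipped. The idiom the file already uses in the other two hunks is safer: `if [ "x$chain" != "x${FW}2${FW}" ]; then`. Separately, the LOG rule sits inside the same guard, so a fw->fw REDIRECT written with a log level appears to produce no log entry unless add_nat_rule, which is not visible here, does the logging. If that is intended, a comment such as `# fw->fw REDIRECT: NAT rule only, no filter or LOG rule in $chain` would make it explicit. add_a_rule starts and ends outside this hunk.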
@@ -2104,12 +2112,18 @@ process_rule() # $1 = target chain=${source}2${dest} if [ "x$chain" = x${FW}2${FW} ]; then - error_message "WARNING: fw -> fw rules are not supported; rule \"$rule\" ignored" - return + case $logtarget in + REDIRECT) + ;; + *) + error_message "WARNING: fw -> fw rules are not supported; rule \"$rule\" ignored" + return + ;; + esac + else + ensurechain $chain fi - ensurechain $chain - # Generate Netfilter rule(s) if [ -n "$MULTIPORT" -a \
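Review bot: Moving `ensurechain $chain` into the `else` means no chain is created for a fw->fw REDIRECT, so every later `-A $chain` on that path has to be guarded. The only guard visible in this patch is the one in add_a_rule's server-address branch; the "Destination is a simple zone" branch after its `else` lies outside the hunks. If a fw->fw REDIRECT can reach an unguarded append, run_iptables would be adding to a chain that does not exist, and how that failure is handled cannot be seen from here. I would record the invariant where the chain is skipped, for example `# fw->fw REDIRECT: no filter chain is created; add_a_rule must not append to $chain`. process_rule continues past the end of this hunk.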