holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Don't allow a source interface in a DNAT/REDIRECT rule with source == firewall

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-08-01 10:01:08 -07:00
parent 691a9bf793
commit 542f279544
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Shorewall/Perl/Shorewall/Nat.pm
View File

@ -632,12 +632,13 @@ sub handle_nat_rule( $$$$$$$$$$$$ ) {
# #
# And generate the nat table rule(s) # And generate the nat table rule(s)
# #
my $firewallsource = $sourceref && ( $sourceref->{type} & ( FIREWALL | VSERVER ) );
expand_rule ( ensure_chain ('nat' , expand_rule ( ensure_chain ('nat' ,
( $action_chain ? ( $action_chain ? $action_chain :
$action_chain : $firewallsource ? 'OUTPUT' :
( $sourceref->{type} == FIREWALL ? 'OUTPUT' : dnat_chain $sourceref->{name} ) ) ,
dnat_chain $sourceref->{name} ) ) ), $firewallsource ? OUTPUT_RESTRICT : PREROUTE_RESTRICT ,
PREROUTE_RESTRICT ,
$rule , $rule ,
$source , $source ,
$origdest , $origdest ,