From 8ad730016512af70837121f569f85b806c6c90b3 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 23 Dec 2010 07:49:20 -0800
Subject: [PATCH] Fix NONAT and NATONLY rules in an action

---
 Shorewall/Perl/Shorewall/Rules.pm | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index c2d6c9eb8..eb80dbc91 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -833,17 +833,18 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
 	    add_requiredby( $normalized_target , $inaction1 );
 	} else {
 	    if ( my $ref = use_action( $normalized_target ) ) {
-		new_nat_chain $ref->{name} if $actiontype & ( NATRULE | NONAT );
+		new_nat_chain $ref->{name} if $actiontype & ( NATRULE | NONAT | NATONLY );
 	    }
 	}
     }
     
     #
-    # Return the NAT-oriented flags to the caller who will eventually add them
+    # Return the NATRULE flag to the caller who will eventually add it
     # to $targets{$inaction1}
     #
-    return ( $actiontype & ( NATRULE | NONAT | NATONLY ) ) if $inaction1;
-
+    if ( $inaction1 ) {
+	return ( $actiontype & ( NATRULE | NONAT | NATONLY ) ) ? NATRULE : 0;
+    }
     #
     # Take care of irregular syntax and targets
     #
@@ -878,8 +879,8 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
     #
     # Isolate and validate source and destination zones
     #
-    my $sourcezone;
-    my $destzone;
+    my $sourcezone = '-';
+    my $destzone = '-';
     my $sourceref;
     my $destref;
     my $origdstports;
@@ -949,11 +950,10 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
     #
     # Take care of chain
     #
-
-    unless ( $actiontype & NATONLY ) {
-	if ( $inaction3 ) {
-	    $chain = $chainref->{name};
-	} else {
+    if ( $inaction3 ) {
+	$chain = $chainref->{name};
+    } else { 
+	unless ( $actiontype & NATONLY ) {
 	    #
 	    # Check for illegal bridge port rule
 	    #