Fix NAT_BEFORE_RULES=No

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@100 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-30 14:35:32 +00:00 · 2002-06-30 14:35:32 +00:00 · 939750baa2
commit 939750baa2
parent 4bfbc19f47
1 changed files with 11 additions and 5 deletions
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -2839,6 +2839,8 @@ apply_policy_rules() {
 ################################################################################
 activate_rules() {

+    local nat=1
+
    multi_interfaces=`find_interfaces_by_option multi`

    for zone in $zones; do
@ -2852,8 +2854,14 @@ activate_rules() {
 	        $interface -d $subnet -j `rules_chain $FW $zone`

 	    if havenatchain $zone; then
-		run_iptables -t nat -A PREROUTING \
-		    -i $interface -s $subnet -j $zone
+		if [ -n "$NAT_BEFORE_RULES" ]; then
+		    run_iptables -t nat -A PREROUTING \
+			-i $interface -s $subnet -j $zone
+		else
+		    run_iptables -t nat -I PREROUTING $nat \
+			-i $interface -s $subnet -j $zone
+		    nat=$((nat+1))
+		fi
 	    fi

 	    run_iptables -A `input_chain $interface` -s $subnet \
@ -2925,7 +2933,7 @@ define_firewall() # $1 = Command (Start or Restart)

    setup_proxy_arp

-    [ -n "$NAT_BEFORE_RULES" ] && setup_nat
+    setup_nat

    echo "Adding Common Rules"

@ -2967,8 +2975,6 @@ define_firewall() # $1 = Command (Start or Restart)
 	fi
    done

-    [ -z "$NAT_BEFORE_RULES" ] && setup_nat
-
    policy=`find_file policy`

    echo "Processing $policy..."