Don't generate redundant ACCEPT rules for DNAT/REDIRECT/SAME

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2456 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-05 14:13:45 +00:00 · 2005-08-05 14:13:45 +00:00 · bba152b119
commit bba152b119
parent 111bdded1c
2 changed files with 6 additions and 0 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -8,6 +8,10 @@ Changes in 2.5.1

 4) Fix Makefile (compare to restore-base rather than restarted).

+5) Add "all+"
+
+6) Don't generate redundant ACCEPT rules for DNAT/REDIRECT/SAME
+
 Changes in 2.5.1ex/2.5.0

 1) Clean up handling of zones
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -4763,6 +4763,7 @@ add_nat_rule() {
 #    userandgroup= -m owner clause
 #    userspec    = User name
 #    logtag      = Log tag
+#    policy      = Applicable Policy
 #
 add_a_rule()
 {
@ -4915,6 +4916,7 @@ add_a_rule()

 	    if [ -n "$natrule" ]; then
 		add_nat_rule
+		[ $policy = ACCEPT ] && return
 	    elif [ -n "$servport" -a "$servport" != "$port" ]; then
 		fatal_error "Only DNAT, SAME and REDIRECT rules may specify destination port mapping; rule \"$rule\""
 	    fi