forked from extern/shorewall_code
First stage of DETECT_DNAT_ADDRS
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5643 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
81fca7f404
commit
cb9a3650bd
@ -885,7 +885,6 @@ sub process_rule1 ( $$$$$$$$$ ) {
|
||||
#
|
||||
$rule = do_proto $proto, $ports, $sports . do_ratelimit( $ratelimit ) . ( do_user $user );
|
||||
|
||||
$origdest = ALLIPv4 unless $origdest and $origdest ne '-';
|
||||
#
|
||||
# Generate NAT rule(s), if any
|
||||
#
|
||||
@ -931,6 +930,13 @@ sub process_rule1 ( $$$$$$$$$ ) {
|
||||
$target = '-j REDIRECT --to-port ' . ( $serverport ? $serverport : $ports );
|
||||
}
|
||||
|
||||
unless ( $origdest and $origdest ne '-' ) {
|
||||
if ( $config{DETECT_DNAT_ADDRS} ) {
|
||||
$origdest = 'detect';
|
||||
} else {
|
||||
origdest = ALLIPv4;
|
||||
}
|
||||
}
|
||||
#
|
||||
# And generate the nat table rule(s)
|
||||
#
|
||||
@ -952,7 +958,10 @@ sub process_rule1 ( $$$$$$$$$ ) {
|
||||
$rule = do_proto $proto, $ports, $sports . do_ratelimit( $ratelimit ) . do_user $user;
|
||||
$loglevel = '';
|
||||
}
|
||||
} elsif ( $actiontype & NONAT ) {
|
||||
} else {
|
||||
$origdest = ALLIPv4 unless $origdest and $origdest ne '-';
|
||||
|
||||
if ( $actiontype & NONAT ) {
|
||||
#
|
||||
# NONAT or ACCEPT+ -- May not specify a destination interface
|
||||
#
|
||||
@ -970,6 +979,7 @@ sub process_rule1 ( $$$$$$$$$ ) {
|
||||
$action ,
|
||||
'';
|
||||
}
|
||||
}
|
||||
#
|
||||
# Add filter table rule, unless this is a NATONLY rule type
|
||||
#
|
||||
|
||||
Loading…
Reference in New Issue
Block a user