sharing: fix handling of rule negation (debian #638995)NM_0_8

! after the option is deprecated at least as far back as iptables 1.4.12 on 2.6.32. ! should be before the option instead. Reported-by: Ralf Jung <ralfjung-e@gmx.de>
author: Dan Williams <dcbw@redhat.com> 2011-09-06 18:31:40 -0500
committer: Dan Williams <dcbw@redhat.com> 2012-08-02 15:41:17 -0500
commit: b5bcb9f28a21715d0eaf46835140c80174a636b0 (patch)
tree: 0d977fc1b979d6b0561f92781595c2c560ff2860
parent: ef9ef7133f0cccadd0ccd2cf57d9bea8aeebbd41 (diff)
download: NetworkManager-b5bcb9f28a21715d0eaf46835140c80174a636b0.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/nm-device.c b/src/nm-device.c
index aa858b5cf8..18d42d1d76 100644
--- a/src/nm-device.c
+++ b/src/nm-device.c
@@ -2467,7 +2467,7 @@ start_sharing (NMDevice *self)
 	add_share_rule (req, "filter", "FORWARD --in-interface %s --out-interface %s --jump ACCEPT", ip_iface, ip_iface);
 	add_share_rule (req, "filter", "FORWARD --source %s/%s --in-interface %s --jump ACCEPT", str_addr, str_mask, ip_iface);
 	add_share_rule (req, "filter", "FORWARD --destination %s/%s --out-interface %s --match state --state ESTABLISHED,RELATED --jump ACCEPT", str_addr, str_mask, ip_iface);
-	add_share_rule (req, "nat", "POSTROUTING --source %s/%s --destination ! %s/%s --jump MASQUERADE", str_addr, str_mask, str_addr, str_mask);
+	add_share_rule (req, "nat", "POSTROUTING --source %s/%s ! --destination %s/%s --jump MASQUERADE", str_addr, str_mask, str_addr, str_mask);
 
 	nm_act_request_set_shared (req, TRUE);
author	Dan Williams <dcbw@redhat.com>	2011-09-06 18:31:40 -0500
committer	Dan Williams <dcbw@redhat.com>	2012-08-02 15:41:17 -0500
commit	b5bcb9f28a21715d0eaf46835140c80174a636b0 (patch)
tree	0d977fc1b979d6b0561f92781595c2c560ff2860
parent	ef9ef7133f0cccadd0ccd2cf57d9bea8aeebbd41 (diff)
download	NetworkManager-b5bcb9f28a21715d0eaf46835140c80174a636b0.tar.gz