diff options
author | Hans Dedecker <dedeckeh@gmail.com> | 2018-12-06 18:03:06 +0100 |
---|---|---|
committer | Hans Dedecker <dedeckeh@gmail.com> | 2018-12-06 21:16:03 +0100 |
commit | 14589c80cde937162da02414a0103653a566e866 (patch) | |
tree | 803ead07d0804932a2175232de552edc544d8bd8 | |
parent | 1c4d5bcd1137e61e91dca858fe33d76d7a1dc821 (diff) | |
download | firewall3-14589c80cde937162da02414a0103653a566e866.tar.gz |
redirects: properly handle src_dport in SNAT rules
In case of SNAT rules the src_dport parameter is used both as a rewrite
parameter as well as a matching parameter which is not the expected
behavior.
The latter is caused by port_redir being set to src_dport in case dest_port
parameter is not.
As this logic is in place to mimic the old shell script based firewall
behavior for DNAT only set port_redir in case the redirect rule is
a DNAT rule.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r-- | redirects.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/redirects.c b/redirects.c index 6cd09f1..ab95395 100644 --- a/redirects.c +++ b/redirects.c @@ -350,7 +350,7 @@ check_redirect(struct fw3_state *state, struct fw3_redirect *redir, struct uci_e if (!valid) return false; - if (!redir->port_redir.set) + if (redir->target == FW3_FLAG_DNAT && !redir->port_redir.set) redir->port_redir = redir->port_dest; return true; |