author Hans Dedecker <dedeckeh@gmail.com> 2018-12-06 18:03:06 +0100
committer Hans Dedecker <dedeckeh@gmail.com> 2018-12-06 21:16:03 +0100
commit 14589c80cde937162da02414a0103653a566e866 (patch)
tree 803ead07d0804932a2175232de552edc544d8bd8
parent 1c4d5bcd1137e61e91dca858fe33d76d7a1dc821 (diff)
download firewall3-14589c80cde937162da02414a0103653a566e866.tar.gz
redirects: properly handle src_dport in SNAT rules
In case of SNAT rules the src_dport parameter is used both as a rewrite parameter as well as a matching parameter which is not the expected behavior. The latter is caused by port_redir being set to src_dport in case dest_port parameter is not. As this logic is in place to mimic the old shell script based firewall behavior for DNAT only set port_redir in case the redirect rule is a DNAT rule.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r-- redirects.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/redirects.c b/redirects.c
index 6cd09f1..ab95395 100644
--- a/redirects.c
+++ b/redirects.c
@@ -350,7 +350,7 @@ check_redirect(struct fw3_state *state, struct fw3_redirect *redir, struct uci_e
if (!valid)
return false;
- if (!redir->port_redir.set)
+ if (redir->target == FW3_FLAG_DNAT && !redir->port_redir.set)
redir->port_redir = redir->port_dest;
return true;
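Review bot: The new condition `redir->target == FW3_FLAG_DNAT && !redir->port_redir.set` carries no comment saying why the fallback to `port_dest` is DNAT-only, so the reason lives only in the commit message. A one-line comment above the `if` stating that the copy exists to mimic the old shell script firewall's DNAT behavior, and that for SNAT it would turn src_dport into both a match and a rewrite value, would keep a later cleanup from removing the target check. Also note that the test is written as "equals DNAT" rather than "is not SNAT", so any other target value reaching `check_redirect()` loses the fallback as well; if that is intended, the comment should say so.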