diff options
author | Steven Barth <steven@midlink.org> | 2014-04-10 14:26:57 +0200 |
---|---|---|
committer | Steven Barth <steven@midlink.org> | 2014-04-14 08:46:57 +0200 |
commit | 6907da00bbf0a5c6778f3ca8c9646bdc04119705 (patch) | |
tree | e55d06ef266115187001196d0dcedb43c6c47221 | |
parent | d1a450f7f29b68c314b92cde4f8cd34d4766302b (diff) | |
download | firewall3-6907da00bbf0a5c6778f3ca8c9646bdc04119705.tar.gz |
nat: allow ACCEPT-target to explicitely disable NAT
Signed-off-by: Steven Barth <steven@midlink.org>
-rw-r--r-- | snats.c | 15 |
1 files changed, 10 insertions, 5 deletions
@@ -179,7 +179,8 @@ fw3_load_snats(struct fw3_state *state, struct uci_package *p) warn_elem(e, "has no target specified, defaulting to MASQUERADE"); snat->target = FW3_FLAG_MASQUERADE; } - else if (snat->target < FW3_FLAG_SNAT || snat->target > FW3_FLAG_MASQUERADE) + else if (snat->target != FW3_FLAG_ACCEPT && snat->target != FW3_FLAG_SNAT && + snat->target != FW3_FLAG_MASQUERADE) { warn_elem(e, "has invalid target specified, defaulting to MASQUERADE"); snat->target = FW3_FLAG_MASQUERADE; @@ -192,15 +193,15 @@ fw3_load_snats(struct fw3_state *state, struct uci_package *p) fw3_free_snat(snat); continue; } - else if (snat->target == FW3_FLAG_MASQUERADE && snat->ip_snat.set) + else if (snat->target != FW3_FLAG_SNAT && snat->ip_snat.set) { - warn_elem(e, "must not use 'snat_ip' for MASQUERADE"); + warn_elem(e, "must not use 'snat_ip' for non-SNAT"); fw3_free_snat(snat); continue; } - else if (snat->target == FW3_FLAG_MASQUERADE && snat->port_snat.set) + else if (snat->target != FW3_FLAG_SNAT && snat->port_snat.set) { - warn_elem(e, "must not use 'snat_port' for MASQUERADE"); + warn_elem(e, "must not use 'snat_port' for non-SNAT"); fw3_free_snat(snat); continue; } @@ -258,6 +259,10 @@ set_target(struct fw3_ipt_rule *r, struct fw3_snat *snat, fw3_ipt_rule_target(r, "SNAT"); fw3_ipt_rule_addarg(r, false, "--to-source", buf); } + else if (snat->target == FW3_FLAG_ACCEPT) + { + fw3_ipt_rule_target(r, "ACCEPT"); + } else { fw3_ipt_rule_target(r, "MASQUERADE"); |