authorJo-Philipp Wich <jow@openwrt.org>2014-07-21 16:06:04 +0200
committerJo-Philipp Wich <jow@openwrt.org>2014-07-21 16:06:11 +0200
commit91953d6a6e90df988f442f53097bd208784a295d (patch)
treed573d8ca11c040680c4cdda6116d76237ed85b5a
parent8dd290b85ee8d57026581891e9a34945d077fa3b (diff)
downloadfirewall3-91953d6a6e90df988f442f53097bd208784a295d.tar.gz
zones: make forward policy destination bound
The zone forwarding policy was installed source-bound, which caused zones with a forward accept policy to allow traffic to anywhere, whereas only traffic between the zone's networks is supposed to be allowed in this case. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
-rw-r--r--zones.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/zones.c b/zones.c
index 6ab3d12..ebc4a2a 100644
--- a/zones.c
+++ b/zones.c
@@ -223,11 +223,11 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
}
setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));
- setbit(zone->flags[0], fw3_to_src_target(zone->policy_forward));
+ setbit(zone->flags[0], zone->policy_forward);
setbit(zone->flags[0], zone->policy_output);
setbit(zone->flags[1], fw3_to_src_target(zone->policy_input));
- setbit(zone->flags[1], fw3_to_src_target(zone->policy_forward));
+ setbit(zone->flags[1], zone->policy_forward);
setbit(zone->flags[1], zone->policy_output);
list_add_tail(&zone->list, &state->zones);
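Review bot: The two changed `setbit` lines now record `zone->policy_forward` as a plain target while `policy_input` on the line above each still goes through `fw3_to_src_target()`, and nothing in the hunk explains the asymmetry. I would add a comment above the first group, e.g. `/* input is source bound; forward and output are destination bound, so a forward ACCEPT only covers traffic leaving via this zone's own networks */`. These flag bits presumably decide which `zone_<name>_dest_<target>` chains are generated, so they have to stay in step with the target name built in print_zone_rule; the comment should say so, since a mismatch would leave the forward rule pointing at a chain that is never created. fw3_load_zones starts and ends outside the hunk.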
@@ -491,7 +491,7 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
fw3_ipt_rule_append(r, "zone_%s_input", zone->name);
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_target(r, "zone_%s_src_%s", zone->name,
+ fw3_ipt_rule_target(r, "zone_%s_dest_%s", zone->name,
fw3_flag_names[zone->policy_forward]);
fw3_ipt_rule_append(r, "zone_%s_forward", zone->name);
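Review bot: With the target switched to `zone_%s_dest_%s`, a zone whose forward policy is REJECT or DROP appears to lose its terminal rule for forwarded traffic that leaves through another zone's interfaces, assuming the dest chains match only this zone's own devices, which is not visible here. Such packets would run off the end of `zone_%s_forward` and be decided by whatever follows in the FORWARD chain, so it is worth confirming that the global forward default is applied there and is restrictive. A comment on the changed line would make the dependency explicit: `/* destination bound: traffic not leaving via this zone falls through to the default forward policy */`. print_zone_rule starts and ends outside the hunk.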