[OpenWrt-Devel] [PATCH] redirects: properly handle src_dport in SNAT rules
Hans Dedecker
dedeckeh at gmail.com
Thu Dec 6 12:01:55 EST 2018
In case of SNAT rules the src_dport parameter is used both as a rewrite
parameter as well as a matching parameter which is not the expected
behavior.
The latter is caused by port_redir being set to src_dport in case dest_port
parameter is not.
As this logic is in place to mimic the old shell script based firewall
behavior for DNAT, only set port_redir in case the redirect rule is
a DNAT rule.
Signed-off-by: Hans Dedecker <dedeckeh at gmail.com>
---
redirects.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/redirects.c b/redirects.c
index 6cd09f1..ab95395 100644
--- a/redirects.c
+++ b/redirects.c
@@ -350,7 +350,7 @@ check_redirect(struct fw3_state *state, struct fw3_redirect *redir, struct uci_e
if (!valid)
return false;
- if (!redir->port_redir.set)
+ if (redir->target == FW3_FLAG_DNAT && !redir->port_redir.set)
redir->port_redir = redir->port_dest;
return true;
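Review bot: The new `redir->target == FW3_FLAG_DNAT` condition in check_redirect() carries no comment, and the reason the fallback is DNAT-only (mimicking the old shell script firewall) is recorded only in the commit message. A short comment above the `if` would keep a later cleanup from dropping the target check again. It would also help to state in the description that SNAT rule generation copes with `port_redir` left unset, because after this change an SNAT redirect without an explicit rewrite port reaches `return true` with `port_redir.set` still false.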
--
2.19.1