[OpenWrt-Devel] [PATCH firewall3] redirects: properly handle src_dport in SNAT rules
Jo-Philipp Wich
jo at mein.io
Thu Dec 6 13:59:09 EST 2018
Hi,
On 12/6/18 6:03 PM, Hans Dedecker wrote:
> In case of SNAT rules the src_dport parameter is used both as a rewrite
> parameter as well as a matching parameter which is not the expected
> behavior.
> The latter is caused by port_redir being set to src_dport in case dest_port
> parameter is not.
> As this logic is in place to mimic the old shell script based firewall
> behavior for DNAT only set port_redir in case the redirect rule is
> a DNAT rule.
>
> Signed-off-by: Hans Dedecker <dedeckeh at gmail.com>
Acked-by: Jo-Philipp Wich <jo at mein.io>
> ---
> redirects.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/redirects.c b/redirects.c
> index 6cd09f1..ab95395 100644
> --- a/redirects.c
> +++ b/redirects.c
> @@ -350,7 +350,7 @@ check_redirect(struct fw3_state *state, struct fw3_redirect *redir, struct uci_e
> if (!valid)
> return false;
>
> - if (!redir->port_redir.set)
> + if (redir->target == FW3_FLAG_DNAT && !redir->port_redir.set)
> redir->port_redir = redir->port_dest;
>
> return true;
>
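Review bot: the changed condition in check_redirect() carries no comment saying why the port_redir fallback is limited to DNAT, and the commit message describes it in terms of the src_dport and dest_port options while the code operates on the port_dest and port_redir fields, so the mapping is not obvious from the hunk alone. A short comment above `if (redir->target == FW3_FLAG_DNAT && !redir->port_redir.set)` would help, stating that the fallback exists only to mimic the old shell script based firewall for DNAT and that for SNAT an unset port_redir is deliberately left unset so the port is not also used as a match. Since the behavior for SNAT rules changes here, a note in the redirect option documentation or a test config with an SNAT rule that sets only src_dport would make the intended result checkable.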