FW3_LIST("proto", protocol, rule, proto),
- FW3_LIST("src_ip", address, rule, ip_src),
+ FW3_LIST("src_ip", network, rule, ip_src),
FW3_LIST("src_mac", mac, rule, mac_src),
FW3_LIST("src_port", port, rule, port_src),
- FW3_LIST("dest_ip", address, rule, ip_dest),
+ FW3_LIST("dest_ip", network, rule, ip_dest),
FW3_LIST("dest_port", port, rule, port_dest),
FW3_LIST("icmp_type", icmptype, rule, icmp_type),
}
if (rule->dest.set && !rule->src.set)
- snprintf(chain, sizeof(chain), "zone_%s_output", rule->dest.name);
+ {
+ if (rule->dest.any)
+ snprintf(chain, sizeof(chain), "delegate_output");
+ else
+ snprintf(chain, sizeof(chain), "zone_%s_output",
+ rule->dest.name);
+ }
}
fw3_ipt_rule_append(r, chain);
if (!fw3_is_family(sip, handle->family) ||
!fw3_is_family(dip, handle->family))
{
- info(" ! Skipping due to different family of ip address");
+ if ((sip && !sip->resolved) || (dip && !dip->resolved))
+ info(" ! Skipping due to different family of ip address");
+
return;
}