projects
/
project
/
firewall3.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
nat: allow ACCEPT-target to explicitely disable NAT
[project/firewall3.git]
/
snats.c
diff --git
a/snats.c
b/snats.c
index
00fd57c
..
11bcc06
100644
(file)
--- a/
snats.c
+++ b/
snats.c
@@
-179,7
+179,8
@@
fw3_load_snats(struct fw3_state *state, struct uci_package *p)
warn_elem(e, "has no target specified, defaulting to MASQUERADE");
snat->target = FW3_FLAG_MASQUERADE;
}
warn_elem(e, "has no target specified, defaulting to MASQUERADE");
snat->target = FW3_FLAG_MASQUERADE;
}
- else if (snat->target < FW3_FLAG_SNAT || snat->target > FW3_FLAG_MASQUERADE)
+ else if (snat->target != FW3_FLAG_ACCEPT && snat->target != FW3_FLAG_SNAT &&
+ snat->target != FW3_FLAG_MASQUERADE)
{
warn_elem(e, "has invalid target specified, defaulting to MASQUERADE");
snat->target = FW3_FLAG_MASQUERADE;
{
warn_elem(e, "has invalid target specified, defaulting to MASQUERADE");
snat->target = FW3_FLAG_MASQUERADE;
@@
-192,15
+193,15
@@
fw3_load_snats(struct fw3_state *state, struct uci_package *p)
fw3_free_snat(snat);
continue;
}
fw3_free_snat(snat);
continue;
}
- else if (snat->target
== FW3_FLAG_MASQUERADE
&& snat->ip_snat.set)
+ else if (snat->target
!= FW3_FLAG_SNAT
&& snat->ip_snat.set)
{
{
- warn_elem(e, "must not use 'snat_ip' for
MASQUERADE
");
+ warn_elem(e, "must not use 'snat_ip' for
non-SNAT
");
fw3_free_snat(snat);
continue;
}
fw3_free_snat(snat);
continue;
}
- else if (snat->target
== FW3_FLAG_MASQUERADE
&& snat->port_snat.set)
+ else if (snat->target
!= FW3_FLAG_SNAT
&& snat->port_snat.set)
{
{
- warn_elem(e, "must not use 'snat_port' for
MASQUERADE
");
+ warn_elem(e, "must not use 'snat_port' for
non-SNAT
");
fw3_free_snat(snat);
continue;
}
fw3_free_snat(snat);
continue;
}
@@
-258,6
+259,10
@@
set_target(struct fw3_ipt_rule *r, struct fw3_snat *snat,
fw3_ipt_rule_target(r, "SNAT");
fw3_ipt_rule_addarg(r, false, "--to-source", buf);
}
fw3_ipt_rule_target(r, "SNAT");
fw3_ipt_rule_addarg(r, false, "--to-source", buf);
}
+ else if (snat->target == FW3_FLAG_ACCEPT)
+ {
+ fw3_ipt_rule_target(r, "ACCEPT");
+ }
else
{
fw3_ipt_rule_target(r, "MASQUERADE");
else
{
fw3_ipt_rule_target(r, "MASQUERADE");