+ {
+ if (ref)
+ fw3_ipt_rule_comment(r, "@redirect[%u] (reflection)", num);
+ else
+ fw3_ipt_rule_comment(r, "@redirect[%u]", num);
+ }
+}
+
+static void
+print_redirect(struct fw3_ipt_handle *h, struct fw3_state *state,
+ struct fw3_redirect *redir, int num,
+ struct fw3_protocol *proto, struct fw3_mac *mac)
+{
+ struct fw3_ipt_rule *r;
+ struct fw3_address *src, *dst;
+ struct fw3_port *spt, *dpt;
+
+ switch (h->table)
+ {
+ case FW3_TABLE_NAT:
+ src = &redir->ip_src;
+ dst = &redir->ip_dest;
+ spt = &redir->port_src;
+ dpt = &redir->port_dest;
+
+ if (redir->target == FW3_FLAG_SNAT)
+ {
+ dst = &redir->ip_redir;
+ dpt = &redir->port_redir;
+ }
+
+ r = fw3_ipt_rule_create(h, proto, NULL, NULL, src, dst);
+ fw3_ipt_rule_sport_dport(r, spt, dpt);
+ fw3_ipt_rule_mac(r, mac);
+ fw3_ipt_rule_ipset(r, redir->_ipset, redir->ipset.invert);
+ fw3_ipt_rule_time(r, &redir->time);
+ fw3_ipt_rule_mark(r, &redir->mark);
+ set_target_nat(r, redir);
+ fw3_ipt_rule_extra(r, redir->extra);
+ set_comment(r, redir->name, num, false);
+ append_chain_nat(r, redir);
+ break;
+
+ case FW3_TABLE_FILTER:
+ src = &redir->ip_src;
+ dst = &redir->ip_redir;
+ spt = &redir->port_src;
+ dpt = &redir->port_redir;
+
+ r = fw3_ipt_rule_create(h, proto, NULL, NULL, src, dst);
+ fw3_ipt_rule_sport_dport(r, spt, dpt);
+ fw3_ipt_rule_mac(r, mac);
+ fw3_ipt_rule_ipset(r, redir->_ipset, redir->ipset.invert);
+ fw3_ipt_rule_time(r, &redir->time);
+ fw3_ipt_rule_mark(r, &redir->mark);
+ set_target_filter(r, redir);
+ fw3_ipt_rule_extra(r, redir->extra);
+ set_comment(r, redir->name, num, false);
+ append_chain_filter(r, redir);
+ break;
+
+ default:
+ break;
+ }
+}
+
+static void
+print_reflection(struct fw3_ipt_handle *h, struct fw3_state *state,
+ struct fw3_redirect *redir, int num,
+ struct fw3_protocol *proto, struct fw3_address *ra,
+ struct fw3_address *ia, struct fw3_address *ea)
+{
+ struct fw3_ipt_rule *r;
+
+ switch (h->table)
+ {
+ case FW3_TABLE_NAT:
+ r = fw3_ipt_rule_create(h, proto, NULL, NULL, ia, ea);
+ fw3_ipt_rule_sport_dport(r, NULL, &redir->port_dest);
+ fw3_ipt_rule_time(r, &redir->time);
+ set_comment(r, redir->name, num, true);
+ set_snat_dnat(r, FW3_FLAG_DNAT, &redir->ip_redir, &redir->port_redir);
+ fw3_ipt_rule_append(r, "zone_%s_prerouting", redir->dest.name);
+
+ r = fw3_ipt_rule_create(h, proto, NULL, NULL, ia, &redir->ip_redir);
+ fw3_ipt_rule_sport_dport(r, NULL, &redir->port_redir);
+ fw3_ipt_rule_time(r, &redir->time);
+ set_comment(r, redir->name, num, true);
+ set_snat_dnat(r, FW3_FLAG_SNAT, ra, NULL);
+ fw3_ipt_rule_append(r, "zone_%s_postrouting", redir->dest.name);
+ break;
+
+ case FW3_TABLE_FILTER:
+ r = fw3_ipt_rule_create(h, proto, NULL, NULL, ia, &redir->ip_redir);
+ fw3_ipt_rule_sport_dport(r, NULL, &redir->port_redir);
+ fw3_ipt_rule_time(r, &redir->time);
+ set_comment(r, redir->name, num, true);
+ fw3_ipt_rule_target(r, "zone_%s_dest_ACCEPT", redir->dest.name);
+ fw3_ipt_rule_append(r, "zone_%s_forward", redir->dest.name);
+ break;
+
+ default:
+ break;
+ }