X-Git-Url: https://git.archive.openwrt.org/?p=openwrt.git;a=blobdiff_plain;f=package%2Fnetwork%2Fconfig%2Ffirewall%2Ffiles%2Flib%2Fcore_rule.sh;h=0ce2122be4dabcce6b79978c03579c84432afcaf;hp=f49c42af55bf40407476e32948c091c202571c5e;hb=6351a51255125f717fae33ff0b2852b0ba3dd551;hpb=6ec4b12517f63923263923141b648f13a5e952a9

diff --git a/package/network/config/firewall/files/lib/core_rule.sh b/package/network/config/firewall/files/lib/core_rule.sh
index f49c42af55..0ce2122be4 100644
--- a/package/network/config/firewall/files/lib/core_rule.sh
+++ b/package/network/config/firewall/files/lib/core_rule.sh
@@ -34,7 +34,7 @@ fw_load_rule() {
 	fw_callback pre rule
 
 	local table=f
-	local chain=input
+	local chain=delegate_output
 	local target="${rule_target:-REJECT}"
 	if [ "$target" == "NOTRACK" ]; then
 		table=r
@@ -42,16 +42,23 @@ fw_load_rule() {
 	else
 		if [ -n "$rule_src" ]; then
 			if [ "$rule_src" != "*" ]; then
-				chain="zone_${rule_src}${rule_dest:+_forward}"
+				if [ -n "$rule_dest" ]; then
+					chain="zone_${rule_src}_forward"
+				else
+					chain="zone_${rule_src}_input"
+				fi
 			else
-				chain="${rule_dest:+forward}"
-				chain="${chain:-input}"
+				chain="${rule_dest:+delegate_forward}"
+				chain="${chain:-delegate_input}"
 			fi
 		fi
 
 		if [ -n "$rule_dest" ]; then
 			if [ "$rule_dest" != "*" ]; then
-				target="zone_${rule_dest}_${target}"
+				target="zone_${rule_dest}_dest_${target}"
+				if [ -z "$rule_src" ]; then
+					chain="zone_${rule_dest}_output"
+				fi
 			elif [ "$target" = REJECT ]; then
 				target=reject
 			fi