webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 11:35:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

BUG10994: SNAT rules are missing the outgoing interface

Browse Source 
When creating SNAT rules, the outgoing interface is not set. As a side
effect, traffic that should be send unnatted to a vpn tunnel can be
natted which is a BUG.
With this patch the SNAT rules are getting a outgoing interface
according to the configuration. When selecting the RED Target network,
all SNAT rules will be configured with "-o red0". Otherwise if "all" is
selected, there is no interface in the rule, which matches all networks.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Alexander Marx
2015-12-07 15:57:32 +01:00
committed by Michael Tremer
parent 08729f79fb
commit 306098a498
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config/firewall/rules.pl
View File

@@ -467,6 +467,10 @@ sub buildrules {
} elsif ($NAT_MODE eq "SNAT") {
my @nat_options = @options;
if ($destination_intf) {
push(@nat_options, ("-o", $destination_intf));
}
push(@nat_options, @source_options);
push(@nat_options, @destination_options);