+ struct fw3_ipt_rule *r;
+ struct fw3_address *src, *dst;
+ struct fw3_port *spt, *dpt;
+
+ switch (h->table)
+ {
+ case FW3_TABLE_NAT:
+ src = &redir->ip_src;
+ dst = &redir->ip_dest;
+ spt = &redir->port_src;
+ dpt = &redir->port_dest;
+
+ if (redir->target == FW3_FLAG_SNAT)
+ {
+ dst = &redir->ip_redir;
+ dpt = &redir->port_redir;
+ }
+
+ r = fw3_ipt_rule_create(h, proto, NULL, NULL, src, dst);
+ fw3_ipt_rule_sport_dport(r, spt, dpt);
+ fw3_ipt_rule_mac(r, mac);
+ fw3_ipt_rule_ipset(r, &redir->ipset);
+ fw3_ipt_rule_limit(r, &redir->limit);
+ fw3_ipt_rule_time(r, &redir->time);
+ fw3_ipt_rule_mark(r, &redir->mark);
+ set_target_nat(r, redir);
+ fw3_ipt_rule_extra(r, redir->extra);
+ set_comment(r, redir->name, num, false);
+ append_chain_nat(r, redir);
+ break;
+
+ default:
+ break;
+ }
+}
+
+static void
+print_reflection(struct fw3_ipt_handle *h, struct fw3_state *state,
+ struct fw3_redirect *redir, int num,
+ struct fw3_protocol *proto, struct fw3_address *ra,
+ struct fw3_address *ia, struct fw3_address *ea)
+{
+ struct fw3_ipt_rule *r;
+
+ switch (h->table)
+ {
+ case FW3_TABLE_NAT:
+ r = fw3_ipt_rule_create(h, proto, NULL, NULL, ia, ea);
+ fw3_ipt_rule_sport_dport(r, NULL, &redir->port_dest);
+ fw3_ipt_rule_limit(r, &redir->limit);
+ fw3_ipt_rule_time(r, &redir->time);
+ set_comment(r, redir->name, num, true);
+ set_snat_dnat(r, FW3_FLAG_DNAT, &redir->ip_redir, &redir->port_redir);
+ fw3_ipt_rule_replace(r, "zone_%s_prerouting", redir->dest.name);
+
+ r = fw3_ipt_rule_create(h, proto, NULL, NULL, ia, &redir->ip_redir);
+ fw3_ipt_rule_sport_dport(r, NULL, &redir->port_redir);
+ fw3_ipt_rule_limit(r, &redir->limit);
+ fw3_ipt_rule_time(r, &redir->time);
+ set_comment(r, redir->name, num, true);
+ set_snat_dnat(r, FW3_FLAG_SNAT, ra, NULL);
+ fw3_ipt_rule_replace(r, "zone_%s_postrouting", redir->dest.name);
+ break;
+
+ default:
+ break;
+ }