Infer destination zone of DNAT redirects from dest_ip option

[oweals/firewall3.git] / rules.c

diff --git a/rules.c b/rules.c
index 145b71f4df3991a792191de4cd7ed62a0d730fde..eea872496e5e42c25d9116d8aa755637161b710f 100644 (file)
--- a/rules.c
+++ b/rules.c
@@ -32,11 +32,11 @@ const struct fw3_option fw3_rule_opts[] = {
 
        FW3_LIST("proto",              protocol,  rule,     proto),
 
-       FW3_LIST("src_ip",             address,   rule,     ip_src),
+       FW3_LIST("src_ip",             network,   rule,     ip_src),
        FW3_LIST("src_mac",            mac,       rule,     mac_src),
        FW3_LIST("src_port",           port,      rule,     port_src),
 
-       FW3_LIST("dest_ip",            address,   rule,     ip_dest),
+       FW3_LIST("dest_ip",            network,   rule,     ip_dest),
        FW3_LIST("dest_port",          port,      rule,     port_dest),
 
        FW3_LIST("icmp_type",          icmptype,  rule,     icmp_type),
@@ -245,7 +245,13 @@ append_chain(struct fw3_ipt_rule *r, struct fw3_rule *rule)
                }
 
                if (rule->dest.set && !rule->src.set)
-                       snprintf(chain, sizeof(chain), "zone_%s_output", rule->dest.name);
+               {
+                       if (rule->dest.any)
+                               snprintf(chain, sizeof(chain), "delegate_output");
+                       else
+                               snprintf(chain, sizeof(chain), "zone_%s_output",
+                                        rule->dest.name);
+               }
        }
 
        fw3_ipt_rule_append(r, chain);