Do not accept option src_mac for SNAT rules

diff --git a/redirects.c b/redirects.c
index 3e6902d5583acd28bffe820e8761338ff9d0448a..43ef65b377573fb2015a93c9467fe44c3a373924 100644 (file)
--- a/redirects.c
+++ b/redirects.c
@@ -114,7 +114,7 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
        struct uci_element *e;
        struct fw3_redirect *redir;
 
-       bool valid = false;
+       bool valid;
 
        INIT_LIST_HEAD(&state->redirects);
 
@@ -138,6 +138,8 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
                redir->enabled = true;
                redir->reflection = true;
 
+               valid = false;
+
                fw3_parse_options(redir, fw3_redirect_opts, s);
 
                if (!redir->enabled)
@@ -225,6 +227,8 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
                                warn_elem(e, "has no destination specified");
                        else if (!redir->ip_dest.set)
                                warn_elem(e, "has no src_dip option specified");
+                       else if (!list_empty(&redir->mac_src))
+                               warn_elem(e, "must not use 'src_mac' option for SNAT target");
                        else
                        {
                                set(redir->_dest->flags, FW3_FAMILY_V4, redir->target);

diff --git a/zones.c b/zones.c
index 2a230c579e4c2bb6de50f93553bd62f58350f5be..a2ace471c3e6088d027e8e82fc3bfd2b8fd3f64a 100644 (file)
--- a/zones.c
+++ b/zones.c
@@ -499,7 +499,7 @@ fw3_print_zone_rules(struct fw3_state *state, enum fw3_family family,
 
 void
 fw3_flush_zones(struct fw3_state *state, enum fw3_family family,
-                               enum fw3_table table, bool reload, bool pass2)
+                enum fw3_table table, bool reload, bool pass2)
 {
        struct fw3_zone *z, *tmp;
        uint32_t custom_mask = ~0;