From: Hans Dedecker Date: Thu, 6 Dec 2018 17:03:06 +0000 (+0100) Subject: redirects: properly handle src_dport in SNAT rules X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=14589c80cde937162da02414a0103653a566e866;p=oweals%2Ffirewall3.git redirects: properly handle src_dport in SNAT rules In case of SNAT rules the src_dport parameter is used both as a rewrite parameter as well as a matching parameter which is not the expected behavior. The latter is caused by port_redir being set to src_dport in case dest_port parameter is not. As this logic is in place to mimic the old shell script based firewall behavior for DNAT only set port_redir in case the redirect rule is a DNAT rule. Signed-off-by: Hans Dedecker Acked-by: Jo-Philipp Wich --- diff --git a/redirects.c b/redirects.c index 6cd09f1..ab95395 100644 --- a/redirects.c +++ b/redirects.c @@ -350,7 +350,7 @@ check_redirect(struct fw3_state *state, struct fw3_redirect *redir, struct uci_e if (!valid) return false; - if (!redir->port_redir.set) + if (redir->target == FW3_FLAG_DNAT && !redir->port_redir.set) redir->port_redir = redir->port_dest; return true;