From fca5e39564e488b169c8c535dcf658649f81429e Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Thu, 10 Oct 2013 19:59:08 +0000
Subject: [PATCH] Use fw3_ipt_rule_replace() when setting up reflection

This avoids duplicate rules in the final ruleset when the target zone contains multiple interfaces.
---
 redirects.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/redirects.c b/redirects.c
index c76d848..b95c1ba 100644
--- a/redirects.c
+++ b/redirects.c
@@ -546,7 +546,7 @@ print_reflection(struct fw3_ipt_handle *h, struct fw3_state *state,
 fw3_ipt_rule_time(r, &redir->time);
 set_comment(r, redir->name, num, true);
 set_snat_dnat(r, FW3_FLAG_DNAT, &redir->ip_redir, &redir->port_redir);
- fw3_ipt_rule_append(r, "zone_%s_prerouting", redir->dest.name);
+ fw3_ipt_rule_replace(r, "zone_%s_prerouting", redir->dest.name);
 r = fw3_ipt_rule_create(h, proto, NULL, NULL, ia, &redir->ip_redir);
 fw3_ipt_rule_sport_dport(r, NULL, &redir->port_redir);
@@ -554,7 +554,7 @@ print_reflection(struct fw3_ipt_handle *h, struct fw3_state *state,
 fw3_ipt_rule_time(r, &redir->time);
 set_comment(r, redir->name, num, true);
 set_snat_dnat(r, FW3_FLAG_SNAT, ra, NULL);
- fw3_ipt_rule_append(r, "zone_%s_postrouting", redir->dest.name);
+ fw3_ipt_rule_replace(r, "zone_%s_postrouting", redir->dest.name);
 break;
 case FW3_TABLE_FILTER:
@@ -564,7 +564,7 @@ print_reflection(struct fw3_ipt_handle *h, struct fw3_state *state,
 fw3_ipt_rule_time(r, &redir->time);
 set_comment(r, redir->name, num, true);
 fw3_ipt_rule_target(r, "zone_%s_dest_ACCEPT", redir->dest.name);
- fw3_ipt_rule_append(r, "zone_%s_forward", redir->dest.name);
+ fw3_ipt_rule_replace(r, "zone_%s_forward", redir->dest.name);
 break;
 default:
--
2.25.1
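Review bot: None of the three changed call sites (the `zone_%s_prerouting` DNAT rule in the first hunk, and the `zone_%s_postrouting` and `zone_%s_forward` rules in the second and third) says why `fw3_ipt_rule_replace()` is used instead of the usual append, so a later cleanup could switch it back and reintroduce the duplicates. A short comment above the first call would record the reason, e.g. `/* replace, not append: an identical rule is emitted for each interface of the destination zone */`. If replace works by removing a matching rule and re-adding it at the end of the chain (its implementation is not part of this diff), the surviving rule can change position relative to rules added in between; these chains are evaluated first-match, so it is worth confirming on a multi-interface zone that the resulting order is still the intended one. print_reflection's body starts and ends outside these hunks.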