- for redirect_proto in $redirect_proto; do
- local pos
- eval 'pos=$((++FW__REDIR_COUNT_'${mode#G}'_'$natchain'))'
-
- fw add $mode n $natchain $redirect_target $pos { $redirect_src_ip $redirect_dest_ip } { \
- $srcaddr $srcdaddr \
- ${redirect_proto:+-p $redirect_proto} \
- ${srcports:+--sport $srcports} \
- ${srcdports:+--dport $srcdports} \
- ${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
- $natopt $nataddr${natports:+:$natports} \
- }
-
- fw add $mode f ${fwdchain:-forward} ACCEPT ^ { $redirect_src_ip $redirect_dest_ip } { \
- $srcaddr ${destaddr:--m conntrack --ctstate DNAT} \
- ${redirect_proto:+-p $redirect_proto} \
- ${srcports:+--sport $srcports} \
- ${destports:+--dport $destports} \
- ${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
- }
+ local pr; for pr in $redirect_proto; do
+ fw_get_negation pr '-p' "$pr"
+ local sm; for sm in ${redirect_src_mac:-""}; do
+ fw_get_negation sm '--mac-source' "$sm"
+ fw add $mode n $natchain $redirect_target + \
+ { $redirect_src_ip $redirect_dest_ip } { \
+ $srcaddr $srcdaddr $pr \
+ $srcports $srcdports \
+ ${sm:+-m mac $sm} \
+ $natopt $nataddr${natports:+:$natports} \
+ $redirect_options \
+ }
+
+ fw add $mode f ${fwdchain:-forward} ACCEPT + \
+ { $redirect_src_ip $redirect_dest_ip } { \
+ $srcaddr ${destaddr:--m conntrack --ctstate DNAT} \
+ $pr \
+ $srcports $destports \
+ ${sm:+-m mac $sm} \
+ $redirect_extra \
+ }
+ done