[package] firewall: restore local port relocation ability from r26617

author jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>

Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)

committer jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>

Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)
author jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)
committer jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)
diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh

index f511d29..0b8030d 100644 (file)
--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
@@ -34,7 +34,7 @@ fw_load_redirect() {
                         return 0
                 }
  
-               fwdchain="zone_${redirect_src}_forward"
+               fwdchain="zone_${redirect_src}${redirect_dest_ip:+_forward}"
  
                 natopt="--to-destination"
                 natchain="zone_${redirect_src}_prerouting"
@@ -104,10 +104,10 @@ fw_load_redirect() {
                                 $redirect_options \
                         }
  
-                       [ -n "$destaddr" ] && \
                         fw add $mode f ${fwdchain:-forward} ACCEPT + \
                                 { $redirect_src_ip $redirect_dest_ip } { \
-                               $srcaddr $destaddr $redirect_proto \
+                               $srcaddr ${destaddr:--m conntrack --ctstate DNAT} \
+                               $redirect_proto \
                                 $srcports $destports \
                                 $redirect_src_mac \
                                 $redirect_extra \
author	jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
	Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)
committer	jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
	Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)