From e1eef9d53e80503c97f86587d1f8e0fb99195a96 Mon Sep 17 00:00:00 2001
From: Alexander Marx <amarx@ipfire.org>
Date: Mon, 27 May 2013 10:33:50 +0200
Subject: [PATCH] Forward Firewall: BUGFIX: When creating DMZ Rules with MANUAL
 IP as source and afterwards editing the rule, the rule was copied and not
 just edited. BUGFIX: When using SNAT (outbound) the rule does not seem to
 work. The NAT_SOURCE chain was on wron position in POSTROUTING

---
 html/cgi-bin/forwardfw.cgi      | 8 ++++----
 src/initscripts/init.d/firewall | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 0fbc030b6e..35d0bc5638 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -78,7 +78,7 @@ my %aliases=();
 my %optionsfw=();
 my %ifaces=();
 
-my $VERSION='0.9.9.6';
+my $VERSION='0.9.9.6a';
 my $color;
 my $confignet		= "${General::swroot}/fwhosts/customnetworks";
 my $confighost		= "${General::swroot}/fwhosts/customhosts";
@@ -596,7 +596,7 @@ sub addrule
 	if (-f "${General::swroot}/forward/reread"){
 		print "<table border='0'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: red; font-weight: bold; font-size: 14pt;'>&nbsp &nbsp $Lang::tr{'fwhost reread'}</div</td></tr></table></form><hr><br>";
 	}
-	&Header::openbox('100%', 'left', "");
+	&Header::openbox('100%', 'left',  $Lang::tr{'fwdfw menu'});
 	print "<form method='post'>";
 	print "<table border='0'>";
 	print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
@@ -2151,7 +2151,7 @@ sub saverule
 			#print"6";
 		}
 		#check if we change a DMZ to a FORWARD/DMZ
-		elsif($fwdfwsettings{'oldruletype'} eq 'DMZ'  && $fwdfwsettings{'chain'} eq 'FORWARDFW' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
+		elsif($fwdfwsettings{'oldruletype'} eq 'DMZ'  && $fwdfwsettings{'chain'} eq 'FORWARDFW' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE' && $checkorange ne 'on'){
 			&changerule($configdmz);
 			#print"7";
 		}
@@ -2194,7 +2194,7 @@ sub saverule
 			#print"14";
 		}
 		#check if we change a FORWARD rule to an DMZ
-		elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW'  && $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on'){
+		elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW'  && ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on')){
 			&changerule($configfwdfw);
 			#print"15";
 		}
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 183ff5ba2f..200c1550e7 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -243,7 +243,7 @@ case "$1" in
 	/sbin/iptables -t nat -N NAT_DESTINATION
 	/sbin/iptables -t nat -N NAT_SOURCE
 	/sbin/iptables -t nat -A PREROUTING -j NAT_DESTINATION
-	/sbin/iptables -t nat -A POSTROUTING -j NAT_SOURCE
+	/sbin/iptables -t nat -I POSTROUTING 2 -j NAT_SOURCE
 	
 	
 	# upnp chain for our upnp daemon
-- 
2.39.5

