# Check if this protocol knows ports.
my $protocol_has_ports = ($protocol ~~ @PROTOCOLS_WITH_PORTS);
- foreach my $source (@sources) {
- foreach my $destination (@destinations) {
- # Skip invalid rules.
- next if (!$source || !$destination || ($destination eq "none"));
+ foreach my $src (@sources) {
+ # Skip invalid source.
+ next unless ($src);
+
+ # Sanitize source.
+ my $source = $src;
+ if ($source ~~ @ANY_ADDRESSES) {
+ $source = "";
+ }
- # Sanitize source.
- if ($source ~~ @ANY_ADDRESSES) {
- $source = "";
- }
+ foreach my $dst (@destinations) {
+ # Skip invalid rules.
+ next if (!$dst || ($dst eq "none"));
# Sanitize destination.
+ my $destination = $dst;
if ($destination ~~ @ANY_ADDRESSES) {
$destination = "";
}
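Review bot: The two copies `my $source = $src;` and `my $destination = $dst;` are the core of this fix but carry no explanation, so a later cleanup could fold them back into the loop variables. `foreach` aliases its variable to the list element, so the old `$destination = "";` rewrote `@destinations` in place; on the next source pass `!$destination` was then true and the pair was presumably skipped, leaving a firewall rule ungenerated. I would add a comment above each copy, e.g. `# Work on a copy: foreach aliases $src to the element of @sources, so assigning to it would alter the list for later iterations.` As a style point, the added lines keep using `~~`, which is deprecated in recent Perl releases; `grep { $_ eq $source } @ANY_ADDRESSES` is the stable form, assuming the list holds plain strings. Both loops open inside this hunk and close outside it.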
}
push(@nat_options, @source_options);
push(@nat_options, ("-d", $nat_address));
+ push(@nat_options, @time_options);
my $dnat_port;
if ($protocol_has_ports) {
# Use iptables DNAT
} else {
+ if ($destination_is_firewall && !$destination) {
+ $destination = &fwlib::get_external_address();
+ }
+ next unless ($destination);
+
my ($dnat_address, $dnat_mask) = split("/", $destination);
@destination_options = ("-d", $dnat_address);
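Review bot: The added `next unless ($destination);` drops the DNAT rule without any trace when `get_external_address()` returns nothing. The operator then has a configured port-forward that never reaches iptables and no hint as to why. I would make the skip visible, using the file's own logging helper if it has one, otherwise something like `unless ($destination) { warn "Skipping DNAT rule: no destination address available\n"; next; }`. The `$dnat_address` produced by the `split` below is still passed to `-d` unchecked, so a malformed value such as a bare `/mask` would yield an empty address; a defined-and-non-empty check there would close that gap. The `else` branch and its enclosing loop continue outside this hunk.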