firewall: Resurrect port forwardings with different external ports.
authorMichael Tremer <michael.tremer@ipfire.org>
Sun, 2 Mar 2014 21:35:27 +0000 (22:35 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Sun, 2 Mar 2014 21:35:27 +0000 (22:35 +0100)
config/firewall/rules.pl

index 2ce31c9a256d6ec3a0fc63da87cc23221a10cf37..52821e1ab39e3cd0e5368cd14445fb6ca5956061 100755 (executable)
@@ -303,22 +303,6 @@ sub buildrules {
 
                                                                if ($dnat_port) {
                                                                        $dnat_address .= ":$dnat_port";
 
                                                                if ($dnat_port) {
                                                                        $dnat_address .= ":$dnat_port";
-
-                                                                       # Replace --dport with the translated one.
-                                                                       my @new_nat_options = ();
-                                                                       my $skip_count = 0;
-                                                                       foreach my $option (@nat_options) {
-                                                                               next if ($skip_count-- > 0);
-
-                                                                               if ($option eq "--dport") {
-                                                                                       push(@new_nat_options, ("--dport", $dnat_port));
-                                                                                       $skip_count = 1;
-                                                                                       next;
-                                                                               }
-
-                                                                               push(@new_nat_options, $option);
-                                                                       }
-                                                                       @nat_options = @new_nat_options;
                                                                }
                                                        }
 
                                                                }
                                                        }
 
@@ -688,11 +672,11 @@ sub get_protocol_options {
        if ($use_dst_ports) {
                my $dst_ports_mode = $$hash{$key}[14];
                my $dst_ports      = $$hash{$key}[15];
        if ($use_dst_ports) {
                my $dst_ports_mode = $$hash{$key}[14];
                my $dst_ports      = $$hash{$key}[15];
-               if ($use_dnat && $$hash{$key}[30]) {
-                       $dst_ports = $$hash{$key}[30];
-               }
 
                if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) {
 
                if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) {
+                       if ($use_dnat && $$hash{$key}[30]) {
+                               $dst_ports = $$hash{$key}[30];
+                       }
                        push(@options, &format_ports($dst_ports, "dst"));
 
                } elsif ($dst_ports_mode eq "cust_srv") {
                        push(@options, &format_ports($dst_ports, "dst"));
 
                } elsif ($dst_ports_mode eq "cust_srv") {
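Review bot: The block added inside the TGT_PORT branch replaces `$dst_ports` with `$$hash{$key}[30]` without saying why, and the bare index 30 does not tell a reader that it holds the external port (only get_dnat_target_port names it `$external_port`). I would put `# DNAT: match on the external (pre-translation) port; [15] is the port we translate to.` above the `if ($use_dnat && ...)`. Field 30 then goes straight into format_ports and so onto the iptables command line. Whether it has been validated as a port or port range is not visible here and is worth confirming. get_protocol_options starts and ends outside this hunk.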
@@ -738,7 +722,9 @@ sub format_ports {
                push(@options, ("-m", "multiport"));
        }
 
                push(@options, ("-m", "multiport"));
        }
 
-       push(@options, ($arg, $ports));
+       if ($ports) {
+               push(@options, ($arg, $ports));
+       }
 
        return @options;
 }
 
        return @options;
 }
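Review bot: With the new `if ($ports)` guard, format_ports returns no `--sport`/`--dport` match for an empty `$ports`, so a caller that appends the result gets a rule that is not restricted to any port. For a firewall rule generator that is the permissive direction to fail in. The TGT_PORT caller in get_protocol_options checks `$dst_ports` first, but the other callers are not visible here, so I would state the contract above the guard: `# Empty port list: emit no port match; callers must skip the rule rather than rely on this.` The `-m multiport` push sits above the guard under a condition outside the hunk, so please confirm it cannot fire with an empty `$ports`, which would leave a dangling `-m multiport`. The start of format_ports is outside the hunk.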
@@ -748,7 +734,12 @@ sub get_dnat_target_port {
        my $key  = shift;
 
        if ($$hash{$key}[14] eq "TGT_PORT") {
        my $key  = shift;
 
        if ($$hash{$key}[14] eq "TGT_PORT") {
-               return $$hash{$key}[15];
+               my $port = $$hash{$key}[15];
+               my $external_port = $$hash{$key}[30];
+
+               if ($external_port && ($port ne $external_port)) {
+                       return $$hash{$key}[15];
+               }
        }
 }
 
        }
 }
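Review bot: get_dnat_target_port now has paths with no `return`: when the mode is not TGT_PORT, or when field 30 is empty or equal to the target port, the sub falls off the end and returns whatever the last evaluated condition produced. That value is false today, which is presumably what a caller testing `if ($dnat_port)` expects, but it is implicit and easy to break with a later edit. A bare `return;` after the outer `if` would make it explicit. The new `$port` is assigned and then bypassed, so `return $port;` would read better than `return $$hash{$key}[15];`. The opening lines of the sub are outside the hunk.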