File SuSEfirewall2-fix-forward-masquerading-bnc-736205.diff of Package SuSEfirewall2.openSUSE_12.1_Update
From cb9cbaf4e7f5ff1bde03d9c9a9b673c0b105e620 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Wed, 14 Dec 2011 17:54:32 +0100
Subject: [PATCH] fix forward masquerading (bnc#736205)
---
SuSEfirewall2 | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/SuSEfirewall2 b/SuSEfirewall2
index 0bb8ee3..8079ae2 100755
--- a/SuSEfirewall2
+++ b/SuSEfirewall2
@@ -2182,6 +2182,7 @@ forward_masquerading_rules()
else
eval `net2srcdst net1 "$net1"`
eval `net2srcdst net2 "$net2"`
+ eval `net2srcdst target "$target"`
proto="-p $proto"
test -z "$port2" && port2="$port1"
port1="--dport $port1"
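Review bot: The added `eval` of `net2srcdst target "$target"` runs on a value that nothing in this hunk validates, in a script that presumably executes as root. The body of `net2srcdst` is not visible here, but if it interpolates its second argument into the assignment string it prints, a quote or backtick in the configured target would be executed instead of assigned. An empty target would also leave `$target_dst` empty, so the ACCEPT rules added in the second hunk would match any destination on that port. A guard ahead of the three evals, such as `case "$target" in ''|*[!0-9A-Fa-f.:/]*) continue;; esac` together with an error message in the script's usual style, would confine the value to address characters; the same reasoning applies to the existing evals of `$net1` and `$net2`. The `if` branch before this `else` lies outside the hunk, so whether it already rejects an empty target should be confirmed.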
@@ -2198,10 +2199,10 @@ forward_masquerading_rules()
done
for chain in $forward_zones; do
chain=forward_$chain
- $LAC $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-REVMASQ " $proto $net1_src $net2_dst $dport2 -m conntrack --ctstate NEW
- $LAA $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-REVMASQ " $proto $net1_src $net2_dst $dport2
- $IPTABLES -A $chain -j "$ACCEPT" $proto $net1_src $net2_dst $dport2
- $IPTABLES -A $chain -j "$ACCEPT" $proto $net1_dst $net2_src -m conntrack --ctstate ESTABLISHED,RELATED
+ $LAC $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-REVMASQ " $proto $net1_src $target_dst $dport2 -m conntrack --ctstate NEW
+ $LAA $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-REVMASQ " $proto $net1_src $target_dst $dport2
+ $IPTABLES -A $chain -j "$ACCEPT" $proto $net1_src $target_dst $dport2
+ $IPTABLES -A $chain -j "$ACCEPT" $proto $net1_dst $target_src -m conntrack --ctstate ESTABLISHED,RELATED
done
fi
done
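Review bot: The rules in the `for chain in $forward_zones` loop now match `$target_dst` and `$target_src` instead of the `net2` values, and nothing in the code records why, which makes the fix easy to revert by mistake. A comment above the loop would help, for example `# the filter forward chains see the packet after DNAT, so match the rewritten destination ($target), not the original one ($net2)`. The reply rule on the last added line has no `--sport`, so it accepts any ESTABLISHED,RELATED traffic of that protocol from the target back to net1. That is probably intended, since conntrack limits it to known flows, but a short comment saying so would make the scope explicit. The enclosing function starts and ends outside the hunk.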
--
1.7.7