mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-23 19:57:21 +01:00

* NATCompiler_ipt.cpp (localNATRule::processNext): see #1685

"iptables redirecting NAT rules in the OUTPUT chain". This fix
makes it possible to create an iptables NAT rule with target REDIRECT
in the OUTPUT chain. The rule should have the firewall object in the OSrc
and TDst rule elements.
Vadim Kurland 2010-08-19 18:40:48 +00:00
parent c993ccd943
commit 4c60f2a610
4 changed files with 32 additions and 4 deletions


@ -1 +1 @@
#define BUILD_NUM 3236
#define BUILD_NUM 3237


@ -8,6 +8,12 @@
will use PREROUTING and POSTROUTING in single compile mode but issue
a warning.
* NATCompiler_ipt.cpp (localNATRule::processNext): see #1685
"iptables redirecting NAT rules in the OUTPUT chain". This fix
makes it possible to create iptables NAT rule with target REDIRECT
in the OUTPUT chain. The rule should have firewall object in OSrc
and TDst rule elements.
* NATCompiler_PrintRule.cpp (PrintRule::processNext): fixed #1693
SF bug 3048516 "NAT rule with 'Use SNAT instead MASQ' doesn't
work". NAT rule using combination of the option "Use SNAT instead


@ -2064,7 +2064,7 @@ bool NATCompiler_ipt::localNATRule::processNext()
{
case NATRule::DNAT:
case NATRule::DNetnat:
case NATRule::Redirect:
/* it should not be necessary to do anything if rule type is NONAT
* since splitNONATRule takes care of NONAT rules
*
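Review bot: The `case NATRule::Redirect:` label (which appears to be the added line; the page has lost its +/- markers) now shares a branch with DNAT and DNetnat in localNATRule::processNext, but the comment right below the labels only explains why NONAT is absent, so nothing here says when a Redirect rule counts as local. The commit message says the rule must have the firewall object in both OSrc and TDst; I would record that at the label, e.g. `/* Redirect with the firewall in OSrc matches locally generated packets and goes to OUTPUT, see #1685 */`. The branch body lies outside the hunk, so I cannot confirm that it tests OSrc before choosing OUTPUT; if it does not, a Redirect rule written for forwarded traffic could leave PREROUTING and silently stop matching that traffic. The fixture rule added in this commit covers only the firewall-in-OSrc case, so a companion Redirect rule with a non-firewall OSrc would pin the unchanged path.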


@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1280885247" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1282242248" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -4640,6 +4640,7 @@
<TCPService id="id46355X95438" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="False" name="New TCP Service 1" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1" dst_range_end="1"/>
<TCPService id="id69385X25753" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ports 3050-3051" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3050" dst_range_end="3051"/>
<TCPService id="id69386X25753" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="port 700" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="700" dst_range_end="700"/>
<TCPService id="id1195021X6573" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp-9040" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="9040" dst_range_end="9040"/>
</ServiceGroup>
<ServiceGroup id="stdid08_1" name="UDP" comment="" ro="False">
<UDPService id="id3ED59BF0" name="udp-src-6767" comment="" ro="False" src_range_start="6767" src_range_end="6767" dst_range_start="0" dst_range_end="0"/>
@ -8138,7 +8139,7 @@
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3AFB66C6" host_OS="linux24" inactive="False" lastCompiled="1273779773" lastInstalled="1142003872" lastModified="1264552639" platform="iptables" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
<Firewall id="id3AFB66C6" host_OS="linux24" inactive="False" lastCompiled="1273779773" lastInstalled="1142003872" lastModified="1282242276" platform="iptables" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
<NAT id="id3AFB66C7" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3AFB66C8" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -9235,6 +9236,27 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id1194991X6573" disabled="False" group="" position="49" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="id3AFB66C6"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id1195021X6573"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id3AFB66C6"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id1195021X6573"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id3AFB66E4" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">