mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-03-20 02:07:23 +01:00
ef3931f4da
bug (no #): policy compiler for iptables did not handle correctly rules where a host that has multiple addresses was a single object in a rule element and had negation. * NATCompiler_ipt.cpp (singleObjectNegation::processNext): added support for single object negation in OSrc and ODst in NAT rules. This provides for more compact iptables script in the often used case where single object is used with negation in these elements of a NAT rule. Other improvements in handling NAT rules with negation.