From fe07e06ad048b9376548eaa0117f0b5866bdaa1e Mon Sep 17 00:00:00 2001 From: bbruns Date: Sun, 13 Apr 2014 17:40:12 +0000 Subject: [PATCH] Fix port forwarding with FORWARD set to DROP by default --- lib/iptables.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/iptables.inc b/lib/iptables.inc index 1518671..cb31387 100644 --- a/lib/iptables.inc +++ b/lib/iptables.inc @@ -593,6 +593,7 @@ function enable_portfw { [[ ${protocol} != "-" ]] && protocol="-p ${protocol}" [[ ${intip} != "-" ]] && intdest="--to-destination ${intip}:${intport}" [[ ${interface} != "-" ]] && interface="-i ${interface}" + [[ ${intip} != "-" ]] && intip="-d ${intip}" [[ ${address} != "-" ]] && address="-d ${address}" [[ ${srcaddress} != "-" ]] && srcaddress="-s ${srcaddress}" @@ -604,7 +605,7 @@ function enable_portfw { [[ ${srcaddress} == "-" ]] && srcaddress="" ${VER_IPTABLES} -A ${PortForward} -t nat ${protocol} ${service} ${interface} ${address} ${srcaddress} -j DNAT ${intdest} - ${VER_IPTABLES} -A ${InFilter} ${protocol} ${service} ${interface} ${address} ${srcaddress} ${conntrack_state} -j ACCEPT + ${VER_IPTABLES} -A ${FwdFilter} ${protocol} ${service} ${interface} ${intip} ${srcaddress} ${conntrack_state} -j ACCEPT done < "${FWCONFIGDIR}/ipv${IPVER}/portfw.conf" ${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"