Is there any evidence that this was tested by somebody else but you?

-Michael

On Mon, 2015-12-07 at 15:57 +0100, Alexander Marx wrote:
> When creating SNAT rules, the outgoing interface is not set. As a side
> effect, traffic that should be sent unnatted to a vpn tunnel can be
> natted which is a BUG.
> With this patch the SNAT rules are getting an outgoing interface
> according to the configuration. When selecting the RED Target network,
> all SNAT rules will be configured with "-o red0". Otherwise if "all" is
> selected, there is no interface in the rule, which matches all networks.
>
> Signed-off-by: Alexander Marx
> ---
> config/firewall/rules.pl | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > index daa9565..8b0c6dd 100644 > --- a/config/firewall/rules.pl > +++ b/config/firewall/rules.pl > @@ -467,6 +467,10 @@ sub buildrules { > } elsif ($NAT_MODE > eq "SNAT") { > my > @nat_options = @options; > > + if > ($destination_intf) { > + push > (@nat_options, ("-o", $destination_intf)); > + } > + > push(@nat_op > tions, @source_options); > push(@nat_op > tions, @destination_options); >
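
Review bot: the new `if ($destination_intf)` guard at the top of the SNAT branch depends on a variable that is assigned outside this hunk, so the patch itself does not show that it is empty when "all" is selected and holds the RED device when RED is the target, which is the behaviour the commit message promises. Please add a short comment above the guard stating that an empty `$destination_intf` means the rule gets no `-o` match, and say in the commit message what the variable contains for target selections other than RED and "all", since only those two are described. Because the change narrows which packets are SNATed, the commit message should also list the cases that were exercised (RED target, "all", and traffic routed into a VPN tunnel) so that the result can be reproduced by someone else.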