public inbox for ipfire-scm@lists.ipfire.org
* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. ff7cb6d60fd1787b2810370e2a1200034535bd16
@ 2014-04-21 11:53 git
  0 siblings, 0 replies; only message in thread
From: git @ 2014-04-21 11:53 UTC (permalink / raw)
  To: ipfire-scm

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  ff7cb6d60fd1787b2810370e2a1200034535bd16 (commit)
      from  c3a86f4d20c066b3843a57542e3782ccef18e757 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ff7cb6d60fd1787b2810370e2a1200034535bd16
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Apr 20 18:13:35 2014 +0200

    firewall: Fix accessing port forwardings from internal networks.
    
    When a different "external port" was used, false rules have
    been created in the mangle table.

-----------------------------------------------------------------------

Summary of changes:
 config/firewall/rules.pl | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 2c314d1..c0ddcb2 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -354,20 +354,21 @@ sub buildrules {
 
 						# Destination NAT
 						if ($NAT_MODE eq "DNAT") {
-							# Make port-forwardings useable from the internal networks.
-							my @internal_addresses = &fwlib::get_internal_firewall_ip_addresses(1);
-							unless ($nat_address ~~ @internal_addresses) {
-								&add_dnat_mangle_rules($nat_address, @options);
-							}
-
 							my @nat_options = ();
 							if ($protocol ne "all") {
 								my @nat_protocol_options = &get_protocol_options($hash, $key, $protocol, 1);
 								push(@nat_options, @nat_protocol_options);
 							}
+							push(@nat_options, @time_options);
+
+							# Make port-forwardings useable from the internal networks.
+							my @internal_addresses = &fwlib::get_internal_firewall_ip_addresses(1);
+							unless ($nat_address ~~ @internal_addresses) {
+								&add_dnat_mangle_rules($nat_address, @nat_options);
+							}
+
 							push(@nat_options, @source_options);
 							push(@nat_options, ("-d", $nat_address));
-							push(@nat_options, @time_options);
 
 							my $dnat_port;
 							if ($protocol_has_ports) {
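
Review bot: the relocated add_dnat_mangle_rules($nat_address, @nat_options) call now depends on statement order. It sees @nat_options when only the protocol options and @time_options have been pushed, and @source_options and ("-d", $nat_address) are pushed onto the same array immediately afterwards. Nothing in the code marks that as intentional, so a later reordering of the push lines would silently change what the mangle rules match on. Consider taking an explicit copy at that point (my @mangle_options = @nat_options;) and passing that, or extending the "Make port-forwardings useable" comment to state which options the mangle rules are meant to carry. Moving push(@nat_options, @time_options) ahead of the source and destination options also changes the argument order of the DNAT rule itself, which is worth a word in the commit message. Separately, the moved unless ($nat_address ~~ @internal_addresses) line keeps the smartmatch operator, which has been flagged experimental since Perl 5.18; a grep with eq would do the same membership test without the warning.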


hooks/post-receive
--
IPFire 2.x development tree
