support for ACCEPT rules in NAT chains

author: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2012-06-28 05:11:41 +0000
committer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2012-06-28 05:11:41 +0000
commit: 4ea6839ad316c0718ef10cb19fdf178ca0d0a215 (patch)
tree: 52c6a6a24157286b09b22d922e2f7f13b7a62f92
parent: ad677b622800bf660be1e151880efdd0f5553fd5 (diff)
download: awall-4ea6839ad316c0718ef10cb19fdf178ca0d0a215.tar.bz2
awall-4ea6839ad316c0718ef10cb19fdf178ca0d0a215.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/awall/modules/nat.lua b/awall/modules/nat.lua
index 209eaf0..f7f4d80 100644
--- a/awall/modules/nat.lua
+++ b/awall/modules/nat.lua
@@ -45,6 +45,7 @@ function NATRule:table() return 'nat' end
 function NATRule:chain() return self.params.chain end
 
 function NATRule:target()
+   if self.action then return model.Rule.target(self) end
    if not self['ip-range'] then error('IP range not defined for NAT rule') end
    local target = self.params.target..' --to-'..self.params.subject..' '..self['ip-range']
    if self['port-range'] then target = target..':'..self['port-range'] end
@@ -70,7 +71,7 @@ function SNATRule:init(context)
 end
 
 function SNATRule:target()
-   if self['ip-range'] then return NATRule.target(self) end
+   if self.action or self['ip-range'] then return NATRule.target(self) end
    return 'MASQUERADE'..(self['port-range'] and ' --to-ports '..self['port-range'] or '')
 end
author	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2012-06-28 05:11:41 +0000
committer	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2012-06-28 05:11:41 +0000
commit	4ea6839ad316c0718ef10cb19fdf178ca0d0a215 (patch)
tree	52c6a6a24157286b09b22d922e2f7f13b7a62f92
parent	ad677b622800bf660be1e151880efdd0f5553fd5 (diff)
download	awall-4ea6839ad316c0718ef10cb19fdf178ca0d0a215.tar.bz2 awall-4ea6839ad316c0718ef10cb19fdf178ca0d0a215.tar.xz