diff options
Diffstat (limited to 'awall/modules/filter.lua')
| -rw-r--r-- | awall/modules/filter.lua | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua index 733263f..b6d1426 100644 --- a/awall/modules/filter.lua +++ b/awall/modules/filter.lua @@ -79,6 +79,9 @@ function Filter:trules() if self.action ~= 'accept' then self:error('dnat option not allowed with '..self.action..' action') end + if self['no-track'] then + self:error('dnat option not allowed with no-track') + end if not self.dest then self:error('Destination address must be specified with DNAT') end @@ -107,10 +110,17 @@ function Filter:trules() extrarules('dnat', {['ip-range']=dnataddr, out=nil}) end - if self.action == 'tarpit' then extrarules('no-track') end + if self.action == 'tarpit' or self['no-track'] then + extrarules('no-track') + end extend(res, model.Rule.trules(self)) + if self['no-track'] and self.action == 'accept' then + extrarules('no-track', {reverse=true}) + extrarules('filter', {reverse=true, action='accept', log=false}) + end + return res end |