In case of SNAT rules the src_dport parameter is used both as a rewrite
parameter as well as a matching parameter which is not the expected
behavior.
The latter is caused by port_redir being set to src_dport in case dest_port
parameter is not.
As this logic is in place to mimic the old shell script based firewall
behavior for DNAT only set port_redir in case the redirect rule is
a DNAT rule.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
if (!valid)
return false;
- if (!redir->port_redir.set)
+ if (redir->target == FW3_FLAG_DNAT && !redir->port_redir.set)
redir->port_redir = redir->port_dest;
return true;