Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- diff --git a/rules.c b/rules.c
- index 181c6b1..6dcdcef 100644
- --- a/rules.c
- +++ b/rules.c
- @@ -420,6 +420,9 @@ print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
- struct fw3_mac *mac, struct fw3_icmptype *icmptype)
- {
- struct fw3_ipt_rule *r;
- + struct fw3_device *idev, *odev;
- + struct list_head empty;
- + INIT_LIST_HEAD(&empty);
- if (!fw3_is_family(sip, handle->family) ||
- !fw3_is_family(dip, handle->family))
- @@ -471,6 +474,36 @@ print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
- return;
- }
- + if (rule->target == FW3_FLAG_DSCP || rule->target == FW3_FLAG_MARK) {
- + fw3_foreach(idev, rule->_src ? &rule->_src->devices : &empty)
- + fw3_foreach(odev, rule->_dest ? &rule->_dest->devices : &empty)
- + {
- + r = fw3_ipt_rule_create(handle, proto, idev, odev, sip, dip);
- + fw3_ipt_rule_sport_dport(r, sport, dport);
- + fw3_ipt_rule_device(r, rule->device, rule->direction_out);
- + fw3_ipt_rule_icmptype(r, icmptype);
- + fw3_ipt_rule_mac(r, mac);
- + fw3_ipt_rule_ipset(r, &rule->ipset);
- + fw3_ipt_rule_helper(r, &rule->helper);
- + fw3_ipt_rule_limit(r, &rule->limit);
- + fw3_ipt_rule_time(r, &rule->time);
- + fw3_ipt_rule_mark(r, &rule->mark);
- + fw3_ipt_rule_dscp(r, &rule->dscp);
- + set_target(r, rule);
- + fw3_ipt_rule_extra(r, rule->extra);
- + set_comment(r, rule->name, num);
- +
- + if ((rule->src.any || rule->_src) && (rule->dest.any || rule->_dest))
- + fw3_ipt_rule_append(r, "FORWARD");
- + else if (rule->dest.any || rule->_dest)
- + fw3_ipt_rule_append(r, "POSTROUTING");
- + else /* if (rule->src.any || rule->_src) */
- + fw3_ipt_rule_append(r, "PREROUTING");
- + }
- +
- + return;
- + }
- +
- r = fw3_ipt_rule_create(handle, proto, NULL, NULL, sip, dip);
- fw3_ipt_rule_sport_dport(r, sport, dport);
- fw3_ipt_rule_device(r, rule->device, rule->direction_out);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
