From f75db67c495c0e9e251bebba46b75e9d085dece0 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Fri, 15 May 2020 21:47:08 +0200
Subject: nat: T2198: do not run DNAT rule if rule is disabled
---
 data/templates/firewall/nftables-nat.tmpl | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'data/templates/firewall')
diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl
index 01dcec19f..528c4d82a 100644
--- a/data/templates/firewall/nftables-nat.tmpl
+++ b/data/templates/firewall/nftables-nat.tmpl
@@ -23,7 +23,7 @@ flush table nat
 {% endif %}
-{% for r in destination -%}
+{% for r in destination if not r.disabled -%}
 {% set chain = "PREROUTING" %}
 {% set dst_addr = "ip daddr " + r.dest_address if r.dest_address %}
 {% set dst_port = "dport { " + r.dest_port +" }" %}
@@ -48,7 +48,6 @@ flush table nat
 {% set trns = "return" %}
 {% endif %}
-
 {% if r.protocol == 'tcp_udp' %}
 {# Special handling for protocol tcp_udp which is represented as two individual rules #}
 {% if log %}
--
cgit v1.2.3
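Review bot: The `if not r.disabled` filter lands only on the `destination` loop in the first hunk, so any other rule loop in this template would still render rules marked disabled; the diffstat shows a single insertion and the rest of the template is not visible here. If a matching loop for source NAT rules exists further down, it needs the same `if not r.disabled` condition, otherwise a rule the operator believes is switched off keeps translating traffic once the configuration is applied. A short template comment above the loop, such as `{# disabled rules are never rendered into the nat table #}`, would record that this filter is what keeps disabled rules out of the loaded ruleset. The loop body continues beyond the hunk.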