fix for bug 3622: add pre-SNAT hook

author: An-Cheng Huang <ancheng@vyatta.com> 2008-08-21 17:47:57 -0700
committer: An-Cheng Huang <ancheng@vyatta.com> 2008-08-21 17:47:57 -0700
commit: f95b2a2985731a63a368c62b6a14dbaa377e681c (patch)
tree: ed6df211f63f91eeaa805f9643a9b8b2ee4f4ea3 /scripts/firewall/firewall.init.in
parent: 9dd0ef94bcafa777fa258f5bc96bd5b2ffda6ce6 (diff)
download: vyatta-cfg-firewall-f95b2a2985731a63a368c62b6a14dbaa377e681c.tar.gz
vyatta-cfg-firewall-f95b2a2985731a63a368c62b6a14dbaa377e681c.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index 9f365db..5904a3d 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -58,6 +58,11 @@ start () {
     iptables -A VYATTA_POST_FW_HOOK -j ACCEPT
     iptables -A INPUT -j VYATTA_POST_FW_HOOK
     iptables -A FORWARD -j VYATTA_POST_FW_HOOK
+
+    # set up pre-SNAT hook
+    iptables -t nat -N VYATTA_PRE_SNAT_HOOK
+    iptables -t nat -A VYATTA_PRE_SNAT_HOOK -j RETURN
+    iptables -t nat -A POSTROUTING -j VYATTA_PRE_SNAT_HOOK
 }
 
 case "$ACTION" in
author	An-Cheng Huang <ancheng@vyatta.com>	2008-08-21 17:47:57 -0700
committer	An-Cheng Huang <ancheng@vyatta.com>	2008-08-21 17:47:57 -0700
commit	f95b2a2985731a63a368c62b6a14dbaa377e681c (patch)
tree	ed6df211f63f91eeaa805f9643a9b8b2ee4f4ea3 /scripts/firewall/firewall.init.in
parent	9dd0ef94bcafa777fa258f5bc96bd5b2ffda6ce6 (diff)
download	vyatta-cfg-firewall-f95b2a2985731a63a368c62b6a14dbaa377e681c.tar.gz vyatta-cfg-firewall-f95b2a2985731a63a368c62b6a14dbaa377e681c.zip