From f95b2a2985731a63a368c62b6a14dbaa377e681c Mon Sep 17 00:00:00 2001
From: An-Cheng Huang <ancheng@vyatta.com>
Date: Thu, 21 Aug 2008 17:47:57 -0700
Subject: fix for bug 3622: add pre-SNAT hook

---
 scripts/firewall/firewall.init.in | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'scripts/firewall')

diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index 9f365db..5904a3d 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -58,6 +58,11 @@ start () {
     iptables -A VYATTA_POST_FW_HOOK -j ACCEPT
     iptables -A INPUT -j VYATTA_POST_FW_HOOK
     iptables -A FORWARD -j VYATTA_POST_FW_HOOK
+
+    # set up pre-SNAT hook
+    iptables -t nat -N VYATTA_PRE_SNAT_HOOK
+    iptables -t nat -A VYATTA_PRE_SNAT_HOOK -j RETURN
+    iptables -t nat -A POSTROUTING -j VYATTA_PRE_SNAT_HOOK
 }
 
 case "$ACTION" in
-- 
cgit v1.2.3