use negation before -p <protocol> as per new iptables upgrade

2 files changed, 6 insertions, 6 deletions

diff --git a/lib/Vyatta/DstNatRule.pm b/lib/Vyatta/DstNatRule.pm
index e95cc7b..7b80432 100644
--- a/lib/Vyatta/DstNatRule.pm
+++ b/lib/Vyatta/DstNatRule.pm
@@ -157,12 +157,12 @@ sub rule_str {
   
   if (defined($self->{_proto})) {
     my $str = $self->{_proto};
-    $str =~ s/^\!(.*)$/! $1/;
+    $str =~ s/^\!(.*)$/ $1/;
     if ($str eq 'tcp_udp') {
       $tcp_and_udp = 1;
-      $rule_str .= " -p tcp"; # we'll add the '-p udp' to 2nd rule later
+      $rule_str .= " -p tcp "; # we'll add the '-p udp' to 2nd rule later
     } else {
-      $rule_str .= " -p $str";
+      $rule_str .= " ! -p $str ";
     }
   }
 
diff --git a/lib/Vyatta/SrcNatRule.pm b/lib/Vyatta/SrcNatRule.pm
index 6e759d2..77bad83 100644
--- a/lib/Vyatta/SrcNatRule.pm
+++ b/lib/Vyatta/SrcNatRule.pm
@@ -176,12 +176,12 @@ sub rule_str {
 
     if (defined($self->{_proto})) {
       my $str = $self->{_proto};
-      $str =~ s/^\!(.*)$/! $1/;
+      $str =~ s/^\!(.*)$/ $1/;
       if ($str eq 'tcp_udp') {
         $tcp_and_udp = 1;
-        $rule_str .= " -p tcp"; # we'll add the '-p udp' to 2nd rule later
+        $rule_str .= " -p tcp "; # we'll add the '-p udp' to 2nd rule later
       } else {
-        $rule_str .= " -p $str";
+        $rule_str .= " ! -p $str ";
       }
     }