From f21ff3ed3c1cb6d93a5b3aaeee5f9faeb73e74d0 Mon Sep 17 00:00:00 2001
From: An-Cheng Huang <ancheng@vyatta.com>
Date: Mon, 12 May 2008 18:27:02 -0700
Subject: fix for bug 3248: "exclude" now works with "source" and "destination"
 types.

---
 scripts/VyattaNatRule.pm | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/VyattaNatRule.pm b/scripts/VyattaNatRule.pm
index bd0c598..2e57df6 100644
--- a/scripts/VyattaNatRule.pm
+++ b/scripts/VyattaNatRule.pm
@@ -211,7 +211,9 @@ sub rule_str {
       $to_src .= "$self->{_outside_addr}->{_port}";
     }
     
-    if ($to_src ne "") {
+    if ($self->{_exclude}) {
+      # outside-address has no effect for "exclude" rules
+    } elsif ($to_src ne '') {
       if ($self->{_type} eq "masquerade") {
         $rule_str .= " --to-ports $to_src";
       } else {
@@ -274,7 +276,9 @@ sub rule_str {
       $to_dst .= ":$self->{_inside_addr}->{_port}";
     }
     
-    if ($to_dst ne " --to-destination ") {
+    if ($self->{_exclude}) {
+      # inside-address has no effect for "exclude" rules
+    } elsif ($to_dst ne ' --to-destination ') {
       $rule_str .= $to_dst;
     } else {
       return (undef, "inside-address not specified");
-- 
cgit v1.2.3