From ebed2b7fb5d212af139ddba36b501faacf34b13d Mon Sep 17 00:00:00 2001
From: An-Cheng Huang <ancheng@vyatta.com>
Date: Thu, 21 Aug 2008 17:47:31 -0700
Subject: fix for bug 3622: add pre-SNAT hook

---
 scripts/vyatta-update-nat.pl | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'scripts')

diff --git a/scripts/vyatta-update-nat.pl b/scripts/vyatta-update-nat.pl
index 4f95ad9..661ea3c 100755
--- a/scripts/vyatta-update-nat.pl
+++ b/scripts/vyatta-update-nat.pl
@@ -22,6 +22,9 @@ sub raw_cleanup {
       last;
     }
   }
+  
+  system('iptables -t nat -A VYATTA_PRE_SNAT_HOOK -j RETURN');
+  system('iptables -t nat -A POSTROUTING -j VYATTA_PRE_SNAT_HOOK');
 }
 
 my $config = new VyattaConfig;
@@ -30,8 +33,8 @@ my %rules = $config->listNodeStatus();
 my $rule;
 open(OUT, ">>/dev/null") or exit 1;
 my %ipt_rulenum = (
-                    source      => 1,
-                    destination => 1,
+                    source      => 2,
+                    destination => 2,
                   );
 my %chain_name = (
                   source      => "POSTROUTING",
@@ -150,6 +153,7 @@ for $rule (@rule_keys) {
 }
 
 if ($all_deleted) {
+  system('iptables -t nat -F');
   raw_cleanup();
 }
 
-- 
cgit v1.2.3