- r = fw3_ipt_rule_create(handle, proto, NULL, NULL, sip, dip);
- fw3_ipt_rule_sport_dport(r, sport, dport);
- fw3_ipt_rule_device(r, rule->device, rule->direction_out);
- fw3_ipt_rule_icmptype(r, icmptype);
- fw3_ipt_rule_mac(r, mac);
- fw3_ipt_rule_ipset(r, &rule->ipset);
- fw3_ipt_rule_helper(r, &rule->helper);
- fw3_ipt_rule_limit(r, &rule->limit);
- fw3_ipt_rule_time(r, &rule->time);
- fw3_ipt_rule_mark(r, &rule->mark);
- fw3_ipt_rule_dscp(r, &rule->dscp);
- set_target(r, rule);
- fw3_ipt_rule_extra(r, rule->extra);
- set_comment(r, rule->name, num);
- append_chain(r, rule);
+ if (rule->target == FW3_FLAG_DSCP || rule->target == FW3_FLAG_MARK)
+ {
+ if (rule->_src)
+ idevices = &rule->_src->devices;
+ if (rule->_dest)
+ odevices = &rule->_dest->devices;
+ }
+
+ fw3_foreach(idev, idevices)
+ fw3_foreach(odev, odevices)
+ {
+ r = fw3_ipt_rule_create(handle, proto, idev, odev, sip, dip);
+ fw3_ipt_rule_sport_dport(r, sport, dport);
+ fw3_ipt_rule_device(r, rule->device, rule->direction_out);
+ fw3_ipt_rule_icmptype(r, icmptype);
+ fw3_ipt_rule_mac(r, mac);
+ fw3_ipt_rule_ipset(r, &rule->ipset);
+ fw3_ipt_rule_helper(r, &rule->helper);
+ fw3_ipt_rule_limit(r, &rule->limit);
+ fw3_ipt_rule_time(r, &rule->time);
+ fw3_ipt_rule_mark(r, &rule->mark);
+ fw3_ipt_rule_dscp(r, &rule->dscp);
+ set_target(r, rule);
+ fw3_ipt_rule_extra(r, rule->extra);
+ set_comment(r, rule->name, num);
+ append_chain(r, rule);
+ }