- dest_port="$dest_port_first:$dest_port_last"; }
-
- $IPTABLES -I zone_${src}_forward 1 \
- ${proto:+-p $proto} \
- -d $dest_ip \
- ${src_ip:+-s $src_ip} \
- ${src_port:+--sport $src_port} \
- ${dest_port:+--dport $dest_port} \
- ${src_mac:+-m mac --mac-source $src_mac} \
- -j ACCEPT
+ dest_port2="$dest_port_first:$dest_port_last"; }
+
+ add_rule() {
+ $IPTABLES -A zone_${src}_prerouting -t nat \
+ ${proto:+-p $proto} \
+ ${src_ip:+-s $src_ip} \
+ ${src_port:+--sport $src_port} \
+ ${src_dport:+--dport $src_dport} \
+ ${src_mac:+-m mac --mac-source $src_mac} \
+ -j DNAT --to-destination $dest_ip${dest_port:+:$dest_port}
+
+ $IPTABLES -I zone_${src}_forward 1 \
+ ${proto:+-p $proto} \
+ -d $dest_ip \
+ ${src_ip:+-s $src_ip} \
+ ${src_port:+--sport $src_port} \
+ ${dest_port2:+--dport $dest_port2} \
+ ${src_mac:+-m mac --mac-source $src_mac} \
+ -j ACCEPT
+ }
+ [ "$proto" == "tcpudp" -o -z "$proto" ] && {
+ proto=tcp
+ add_rule
+ proto=udp
+ add_rule
+ return
+ }
+ add_rule