fw4: fix redirect destination zone resolving

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
author: Jo-Philipp Wich 2022-01-27 18:35:14 +0000
committer: Jo-Philipp Wich 2022-01-27 18:36:28 +0000
commit: c08eb4478d50ccc903987160fa3535457fdb3289 (patch)
tree: 0088b2d7aa1acc132abb3b4816639ee934912662
parent: 8fec51a1482c891d84e2e66ad3edba8865f60af8 (diff)
download: firewall4-c08eb4478d50ccc903987160fa3535457fdb3289.tar.gz
1 files changed, 14 insertions, 12 deletions
diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 91f472b..9b6fcaa 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -2401,22 +2401,24 @@ return {
 
 		let resolve_dest = (redir) => {
 			for (let zone in this.state.zones) {
-				for (let addr in zone.related_subnets) {
-					if (redir.dest_ip.family != addr.family)
-						continue;
+				for (let zone_addr in zone.related_subnets) {
+					for (let dest_addr in redir.dest_ip.addrs) {
+						if (dest_addr.family != zone_addr.family)
+							continue;
 
-					let a = apply_mask(redir.dest_ip.addr, addr.bits);
-					let b = apply_mask(addr.addr, addr.bits);
+						let a = apply_mask(dest_addr.addr, zone_addr.mask);
+						let b = apply_mask(zone_addr.addr, zone_addr.mask);
 
-					if (a != b)
-						continue;
+						if (a != b)
+							continue;
 
-					redir.dest = {
-						any: false,
-						zone: zone
-					};
+						redir.dest = {
+							any: false,
+							zone: zone
+						};
 
-					return true;
+						return true;
+					}
 				}
 			}
author	Jo-Philipp Wich	2022-01-27 18:35:14 +0000
committer	Jo-Philipp Wich	2022-01-27 18:36:28 +0000
commit	c08eb4478d50ccc903987160fa3535457fdb3289 (patch)
tree	0088b2d7aa1acc132abb3b4816639ee934912662
parent	8fec51a1482c891d84e2e66ad3edba8865f60af8 (diff)
download	firewall4-c08eb4478d50ccc903987160fa3535457fdb3289.tar.gz