firewall: don't setup nat reflection if negations are used

author Jo-Philipp Wich <jow@openwrt.org>

Tue, 28 Sep 2010 11:11:11 +0000 (11:11 +0000)

committer Jo-Philipp Wich <jow@openwrt.org>

Tue, 28 Sep 2010 11:11:11 +0000 (11:11 +0000)
author Jo-Philipp Wich <jow@openwrt.org>
Tue, 28 Sep 2010 11:11:11 +0000 (11:11 +0000)
committer Jo-Philipp Wich <jow@openwrt.org>
Tue, 28 Sep 2010 11:11:11 +0000 (11:11 +0000)
diff --git a/package/firewall/files/reflection.hotplug b/package/firewall/files/reflection.hotplug

index 027d2ed8b1a0d73854919c2e26241ec6959be0e0..b3b5e5ecce29336b6931583d0a98d34cb3ed34c1 100644 (file)
--- a/package/firewall/files/reflection.hotplug
+++ b/package/firewall/files/reflection.hotplug
@@ -82,6 +82,9 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
  
                                 [ "$proto" = tcpudp ] && proto="tcp udp"
  
+                               [ "${inthost#!}" = "$inthost" ] || return 0
+                               [ "${exthost#!}" = "$exthost" ] || return 0
+
                                 local p
                                 for p in ${proto:-tcp udp}; do
                                         case "$p" in
author	Jo-Philipp Wich <jow@openwrt.org>
	Tue, 28 Sep 2010 11:11:11 +0000 (11:11 +0000)
committer	Jo-Philipp Wich <jow@openwrt.org>
	Tue, 28 Sep 2010 11:11:11 +0000 (11:11 +0000)