From 420fbb599f1f73ab7e946447d29dfba360318618 Mon Sep 17 00:00:00 2001
From: Dan Williams
Date: Tue, 6 Sep 2011 18:31:40 -0500
Subject: [PATCH] sharing: fix handling of rule negation (debian #638995)
! after the option is deprecated at least as far back as iptables 1.4.12 on 2.6.32. ! should be before the option instead.
Reported-by: Ralf Jung
---
 src/nm-device.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nm-device.c b/src/nm-device.c
index fbb0b06144..3522ea4271 100644
--- a/src/nm-device.c
+++ b/src/nm-device.c
@@ -2523,7 +2523,7 @@ start_sharing (NMDevice *self)
 add_share_rule (req, "filter", "FORWARD --in-interface %s --out-interface %s --jump ACCEPT", ip_iface, ip_iface);
 add_share_rule (req, "filter", "FORWARD --source %s/%s --in-interface %s --jump ACCEPT", str_addr, str_mask, ip_iface);
 add_share_rule (req, "filter", "FORWARD --destination %s/%s --out-interface %s --match state --state ESTABLISHED,RELATED --jump ACCEPT", str_addr, str_mask, ip_iface);
- add_share_rule (req, "nat", "POSTROUTING --source %s/%s --destination ! %s/%s --jump MASQUERADE", str_addr, str_mask, str_addr, str_mask);
+ add_share_rule (req, "nat", "POSTROUTING --source %s/%s ! --destination %s/%s --jump MASQUERADE", str_addr, str_mask, str_addr, str_mask);
 nm_act_request_set_shared (req, TRUE);
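Review bot: The MASQUERADE rule on the added line carries no comment recording why `!` sits before `--destination`, and the only difference from the removed line is that token's position, so a later edit could easily reintroduce the deprecated form. I would add above it `/* Negation must precede the option ("! --destination"); iptables deprecates the trailing form. Masquerade only traffic leaving the shared subnet. */`. None of the add_share_rule calls in the visible lines is followed by a check, and the hunk does not show how a rule that iptables rejects is reported. If the rules are only queued here, it is worth confirming that a failed iptables invocation is logged where they are applied, because a silently missing rule in this set changes what the host forwards or masquerades. start_sharing begins and ends outside the hunk.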