firewall: fix chain selection logic, option dest must be ignored for notrack targets

SVN-Revision: 23143

1 files changed, 5 insertions, 6 deletions

diff --git a/package/firewall/files/lib/core_rule.sh b/package/firewall/files/lib/core_rule.sh
index dbaf1102e9..a0de3ba8bb 100644
--- a/package/firewall/files/lib/core_rule.sh
+++ b/package/firewall/files/lib/core_rule.sh
@@ -36,16 +36,15 @@ fw_load_rule() {
 
 	local table=f
 	local chain=input
-	if [ "$rule_target" == "NOTRACK" ]; then
+	local target="${rule_target:-REJECT}"
+	if [ "$target" == "NOTRACK" ]; then
 		table=r
 		chain="zone_${rule_src}_notrack"
-	elif [ -n "$rule_src" ]; then
-		chain="zone_${rule_src}${rule_dest:+_forward}"
+	else
+		[ -n "$rule_src" ] && chain="zone_${rule_src}${rule_dest:+_forward}"
+		[ -n "$rule_dest" ] && target="zone_${rule_dest}_${target}"
 	fi
 
-	local target="${rule_target:-REJECT}"
-	[ -n "$dest" ] && target="zone_${rule_dest}_${target}"
-
 	local mode
 	fw_get_family_mode mode ${rule_family:-x} $rule_src I