From 96be565c54dfee0b6116f89b8e365a8020f10525 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Tue, 28 Sep 2010 11:11:11 +0000
Subject: [package] firewall: don't setup nat reflection if negations are used

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23142 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/firewall/files/reflection.hotplug | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'package/firewall')

diff --git a/package/firewall/files/reflection.hotplug b/package/firewall/files/reflection.hotplug
index 027d2ed8b1..b3b5e5ecce 100644
--- a/package/firewall/files/reflection.hotplug
+++ b/package/firewall/files/reflection.hotplug
@@ -82,6 +82,9 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
 
 				[ "$proto" = tcpudp ] && proto="tcp udp"
 
+				[ "${inthost#!}" = "$inthost" ] || return 0
+				[ "${exthost#!}" = "$exthost" ] || return 0
+
 				local p
 				for p in ${proto:-tcp udp}; do
 					case "$p" in
-- 
cgit v1.2.3