From a1a31f183184bd6a0363d5d78319aafb92f55ba8 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Tue, 28 Sep 2010 11:11:11 +0000
Subject: firewall: don't setup nat reflection if negations are used

SVN-Revision: 23142
---
 package/firewall/files/reflection.hotplug | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'package')

diff --git a/package/firewall/files/reflection.hotplug b/package/firewall/files/reflection.hotplug
index 027d2ed..b3b5e5e 100644
--- a/package/firewall/files/reflection.hotplug
+++ b/package/firewall/files/reflection.hotplug
@@ -82,6 +82,9 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
 
 				[ "$proto" = tcpudp ] && proto="tcp udp"
 
+				[ "${inthost#!}" = "$inthost" ] || return 0
+				[ "${exthost#!}" = "$exthost" ] || return 0
+
 				local p
 				for p in ${proto:-tcp udp}; do
 					case "$p" in
-- 
cgit v1.1