On 10/07/2014 03:35 AM, Andrus, Brian Contractor wrote:
> firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" destination address="204.1.8.6" forward-port to-addr="10.3.1.2" protocol="tcp" port="0-65535"'
> But that seems to ignore the destination address and instead routes everything for ALL addresses to 10.3.1.2.
This should work with: https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=196cac1861c90be59...
$ firewall-cmd --add-rich-rule='rule family="ipv4" destination address="1.1.1.1" forward-port port="11" protocol="tcp" to-addr="2.2.2.2" to-port="22"'
now creates:
*mangle -A PRE_public_allow -d 1.1.1.1/32 -p tcp -m tcp --dport 11 -j MARK --set-xmark 0x66/0xffffffff
*nat -A PRE_public_allow -p tcp -m mark --mark 0x66 -j DNAT --to-destination 2.2.2.2:22
*filter -A FWDI_public_allow -m conntrack --ctstate NEW -m mark --mark 0x66 -j ACCEPT
I'm going to release 0.3.12 in the coming days so you'll be able to test it.
-- Jiri
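
The check below is an added example, not part of the original message and not firewalld code. It reads iptables-save-style rules and reports whether each DNAT rule is limited to a destination address, either directly with `-d` or through a packet mark that a mangle rule sets only for that destination, as in the three rules quoted above. The function names and the unscoped sample are constructed for illustration, and mark values are compared as plain strings.

```shell
#!/bin/sh
# Audit DNAT rules read from stdin: print "scoped" or "UNSCOPED" per rule,
# and return non-zero if any DNAT rule matches traffic for every destination.
check_dnat_scope() {
  awk '
    # "*table" may stand alone (iptables-save) or prefix a rule (as in the mail).
    $1 ~ /^\*/ { table = substr($1, 2) }
    {
      dst = mark = setmark = target = todest = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-d") dst = $(i + 1)
        else if ($i == "--mark") { split($(i + 1), m, "/"); mark = m[1] }
        else if ($i == "--set-xmark" || $i == "--set-mark") { split($(i + 1), m, "/"); setmark = m[1] }
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "--to-destination") todest = $(i + 1)
      }
      # Remember which destination each mark value is tied to.
      if (table == "mangle" && target == "MARK" && dst != "") markdst[setmark] = dst
      if (table == "nat" && target == "DNAT") { n++; nd[n] = dst; nm[n] = mark; nt[n] = todest }
    }
    END {
      # Evaluate at the end so table order in the input does not matter.
      for (k = 1; k <= n; k++) {
        scope = nd[k]
        if (scope == "" && nm[k] != "" && (nm[k] in markdst)) scope = markdst[nm[k]]
        if (scope == "") { print "UNSCOPED " nt[k]; bad = 1 }
        else print "scoped " nt[k] " dst=" scope
      }
      exit bad + 0
    }'
}

# The three rules quoted in the message above.
sample_fixed() {
  cat <<'EOF'
*mangle -A PRE_public_allow -d 1.1.1.1/32 -p tcp -m tcp --dport 11 -j MARK --set-xmark 0x66/0xffffffff
*nat -A PRE_public_allow -p tcp -m mark --mark 0x66 -j DNAT --to-destination 2.2.2.2:22
*filter -A FWDI_public_allow -m conntrack --ctstate NEW -m mark --mark 0x66 -j ACCEPT
EOF
}

# Constructed rule showing the reported symptom: DNAT with no destination match.
sample_unscoped() {
  echo '*nat -A PRE_public_allow -p tcp -m tcp --dport 11 -j DNAT --to-destination 2.2.2.2:22'
}

sample_fixed | check_dnat_scope
sample_unscoped | check_dnat_scope || true
```

On a live host the same function can be fed from `iptables-save` run as root.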