On 10/07/2014 03:35 AM, Andrus, Brian Contractor wrote:
> firewall-cmd --zone=public --remove-rich-rule='rule
> family="ipv4"
> destination address="204.1.8.6" forward-port to-addr="10.3.1.2"
> protocol="tcp" port="0-65535"'
> But that seems to ignore the destination address and instead routes
> everything for ALL addresses to 10.3.1.2
This should work with:
https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=196cac1861c90b...
$ firewall-cmd --add-rich-rule='rule family="ipv4" destination address="1.1.1.1" forward-port port="11" protocol="tcp" to-addr="2.2.2.2" to-port="22"'
now creates:
*mangle
-A PRE_public_allow -d 1.1.1.1/32 -p tcp -m tcp --dport 11 -j MARK --set-xmark 0x66/0xffffffff
*nat
-A PRE_public_allow -p tcp -m mark --mark 0x66 -j DNAT --to-destination 2.2.2.2:22
*filter
-A FWDI_public_allow -m conntrack --ctstate NEW -m mark --mark 0x66 -j ACCEPT
I'm going to release 0.3.12 these days so you'll be able to test it.
--
Jiri
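
An added example, not part of the original message and not firewalld code: a check over `iptables-save` output that pairs each mark-based DNAT rule with the mangle rule that sets its mark and reports whether that rule is scoped by `-d`. The function names are hypothetical, and the mark 0x67 entries in the sample are constructed to show the unscoped case described in the quoted report.

```python
import shlex

# Constructed iptables-save excerpt: mark 0x66 is the rule set quoted above;
# mark 0x67 is a made-up forward whose MARK rule has no -d (the reported symptom).
SAMPLE = """\
*mangle
-A PRE_public_allow -d 1.1.1.1/32 -p tcp -m tcp --dport 11 -j MARK --set-xmark 0x66/0xffffffff
-A PRE_public_allow -p tcp -m tcp --dport 12 -j MARK --set-xmark 0x67/0xffffffff
*nat
-A PRE_public_allow -p tcp -m mark --mark 0x66 -j DNAT --to-destination 2.2.2.2:22
-A PRE_public_allow -p tcp -m mark --mark 0x67 -j DNAT --to-destination 2.2.2.2:23
*filter
-A FWDI_public_allow -m conntrack --ctstate NEW -m mark --mark 0x66 -j ACCEPT
-A FWDI_public_allow -m conntrack --ctstate NEW -m mark --mark 0x67 -j ACCEPT
"""

def _opt(tokens, name):
    """Return the argument following option `name`, or None if absent."""
    return tokens[tokens.index(name) + 1] if name in tokens else None

def audit_forward_marks(text):
    """Map each DNAT-by-mark rule to the destination scope of its MARK rule."""
    table, marks, dnats = None, {}, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header such as *mangle
            table = line[1:]
            continue
        if not line.startswith("-A "):    # skip chain policies, COMMIT, comments
            continue
        tok = shlex.split(line)
        target = _opt(tok, "-j")
        if table == "mangle" and target == "MARK":
            value = _opt(tok, "--set-xmark") or _opt(tok, "--set-mark")
            if value:                     # record the -d scope (or None) per mark
                marks.setdefault(int(value.split("/")[0], 0), []).append(_opt(tok, "-d"))
        elif table == "nat" and target == "DNAT" and "--mark" in tok:
            dnats[int(_opt(tok, "--mark").split("/")[0], 0)] = _opt(tok, "--to-destination")
    # restricted is True only if every MARK rule for that mark carries -d
    return {m: {"to": to, "destinations": [d for d in marks.get(m, []) if d],
                "restricted": bool(marks.get(m)) and all(marks[m])}
            for m, to in dnats.items()}

if __name__ == "__main__":
    for mark, info in sorted(audit_forward_marks(SAMPLE).items()):
        print(hex(mark), info)
```

A forward reported with `restricted` set to False applies to traffic for any destination address, which is the behaviour the destination-address match is meant to prevent.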