Fix issue firewalld#61: Not masquerading loopback

https://github.com/t-woerner/firewalld/issues/61 Thanks to Georg Müller to locate this. Also added ! -o lo to rich rule masquerading
t-woerner · Dec 7, 2015 · 6acdfa3 · 6acdfa3
1 parent 7783bac
commit 6acdfa3
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
@@ -977,7 +977,7 @@ def __rule(self, enable, zone, rule, mark_id):
                 command = [ ]
                 self.__rule_source(rule.source, command)
                 self.__rule_destination(rule.destination, command)
-                command += [ "-j", "MASQUERADE" ]
+                command += [ "!", "-o", "lo", "-j", "MASQUERADE" ]
                 rules.append((ipv, "nat", "%s_allow" % target, command))
 
                 # FORWARD_OUT
@@ -1452,7 +1452,7 @@ def __masquerade(self, enable, zone):
         for ipv in [ "ipv4" ]: # IPv4 only!
             target = DEFAULT_ZONE_TARGET.format(
                 chain=SHORTCUTS["POSTROUTING"], zone=zone)
-            rules.append((ipv, [ "%s_allow" % (target), "!", "-i", "lo",
+            rules.append((ipv, [ "%s_allow" % (target), "!", "-o", "lo",
                                  "-t", "nat", "-j", "MASQUERADE" ]))
             # FORWARD_OUT
             target = DEFAULT_ZONE_TARGET.format(