k 3 iptables: allow DNAT rules

author: lassulus <lass@aidsballs.de> 2016-05-29 00:32:55 +0200
committer: lassulus <lass@aidsballs.de> 2016-05-29 00:32:55 +0200
commit: cc938e61f8d86b2554509a748fc455f0157f9cf7 (patch)
tree: 7a115fd8bbe34210171624d7b76bd43671aa6dc6 /krebs/3modules/iptables.nix
parent: 39be633cf42aaaa4f8a6a992fd3af4e139ab8917 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 4b99873a..bb06a938 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -124,7 +124,7 @@ let
 
       buildRule = tn: cn: rule:
         #target validation test:
-        assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target;
+        assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target || hasPrefix "DNAT" rule.target;
 
         #predicate validation test:
         #maybe use iptables-test
author	lassulus <lass@aidsballs.de>	2016-05-29 00:32:55 +0200
committer	lassulus <lass@aidsballs.de>	2016-05-29 00:32:55 +0200
commit	cc938e61f8d86b2554509a748fc455f0157f9cf7 (patch)
tree	7a115fd8bbe34210171624d7b76bd43671aa6dc6 /krebs/3modules/iptables.nix
parent	39be633cf42aaaa4f8a6a992fd3af4e139ab8917 (diff)