17 lines
607 B
Diff
17 lines
607 B
Diff
--- a/net/ipv4/netfilter/ip_tables.c
|
|
+++ b/net/ipv4/netfilter/ip_tables.c
|
|
@@ -85,9 +85,11 @@ ip_packet_match(const struct iphdr *ip,
|
|
if (ipinfo->flags & IPT_F_NO_DEF_MATCH)
|
|
return true;
|
|
|
|
- if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
|
|
+ if (FWINV(ipinfo->smsk.s_addr &&
|
|
+ (ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
|
|
IPT_INV_SRCIP) ||
|
|
- FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
|
|
+ FWINV(ipinfo->dmsk.s_addr &&
|
|
+ (ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
|
|
IPT_INV_DSTIP)) {
|
|
dprintf("Source or dest mismatch.\n");
|
|
|