+ if (redir->src.invert)
+ {
+ warn_section("redirect", redir, e, "must not have an inverted source");
+ return false;
+ }
+ else if (redir->src.set && !redir->src.any &&
+ !(redir->_src = fw3_lookup_zone(state, redir->src.name)))
+ {
+ warn_section("redirect", redir, e, "refers to not existing zone '%s'",
+ redir->src.name);
+ return false;
+ }
+ else if (redir->dest.set && !redir->dest.any &&
+ !(redir->_dest = fw3_lookup_zone(state, redir->dest.name)))
+ {
+ warn_section("redirect", redir, e, "refers to not existing zone '%s'",
+ redir->dest.name);
+ return false;
+ }
+ else if (redir->ipset.set && state->disable_ipsets)
+ {
+ warn_section("redirect", redir, e, "skipped due to disabled ipset support");
+ return false;
+ }
+ else if (redir->ipset.set &&
+ !(redir->ipset.ptr = fw3_lookup_ipset(state, redir->ipset.name)))
+ {
+ warn_section("redirect", redir, e, "refers to unknown ipset '%s'",
+ redir->ipset.name);
+ return false;
+ }
+ else if (redir->helper.set &&
+ !(redir->helper.ptr = fw3_lookup_cthelper(state, redir->helper.name)))
+ {
+ warn_section("redirect", redir, e, "refers to unknown CT helper '%s'",
+ redir->helper.name);
+ return false;
+ }
+
+ if (!check_families(e, redir))
+ return false;
+
+ if (redir->target == FW3_FLAG_UNSPEC)
+ {
+ warn_section("redirect", redir, e, "has no target specified, defaulting to DNAT");
+ redir->target = FW3_FLAG_DNAT;
+ }
+ else if (redir->target < FW3_FLAG_DNAT || redir->target > FW3_FLAG_SNAT)
+ {
+ warn_section("redirect", redir, e, "has invalid target specified, defaulting to DNAT");
+ redir->target = FW3_FLAG_DNAT;
+ }
+
+ valid = false;
+
+ if (redir->target == FW3_FLAG_DNAT)
+ {
+ if (redir->src.any)
+ warn_section("redirect", redir, e, "must not have source '*' for DNAT target");
+ else if (!redir->_src)
+ warn_section("redirect", redir, e, "has no source specified");
+ else if (redir->helper.invert)
+ warn_section("redirect", redir, e, "must not use a negated helper match");
+ else
+ {
+ set(redir->_src->flags, FW3_FAMILY_V4, redir->target);
+ valid = true;
+
+ if (!check_local(e, redir, state) && !redir->dest.set &&
+ resolve_dest(e, redir, state))
+ {
+ warn_section("redirect", redir, e,
+ "does not specify a destination, assuming '%s'",
+ redir->dest.name);