set mark for locally generated traffic in OUTPUT chain

[project/firewall3.git] / rules.c

diff --git a/rules.c b/rules.c
index a5f3fa9328f02eeb76188ba6ddf42c0505269503..e20442e0629025faa7051fbb3481ef40085d51ee 100644 (file)
--- a/rules.c
+++ b/rules.c
@@ -264,15 +264,15 @@ append_chain(struct fw3_ipt_rule *r, struct fw3_rule *rule)
 {
        char chain[32];
 
-       snprintf(chain, sizeof(chain), "delegate_output");
+       snprintf(chain, sizeof(chain), "OUTPUT");
 
        if (rule->target == FW3_FLAG_NOTRACK)
        {
                snprintf(chain, sizeof(chain), "zone_%s_notrack", rule->src.name);
        }
-       else if (rule->target == FW3_FLAG_MARK)
+       else if (rule->target == FW3_FLAG_MARK && (rule->_src || rule->src.any))
        {
-               snprintf(chain, sizeof(chain), "fwmark");
+               snprintf(chain, sizeof(chain), "PREROUTING");
        }
        else
        {
@@ -290,16 +290,16 @@ append_chain(struct fw3_ipt_rule *r, struct fw3_rule *rule)
                        else
                        {
                                if (rule->dest.set)
-                                       snprintf(chain, sizeof(chain), "delegate_forward");
+                                       snprintf(chain, sizeof(chain), "FORWARD");
                                else
-                                       snprintf(chain, sizeof(chain), "delegate_input");
+                                       snprintf(chain, sizeof(chain), "INPUT");
                        }
                }
 
                if (rule->dest.set && !rule->src.set)
                {
                        if (rule->dest.any)
-                               snprintf(chain, sizeof(chain), "delegate_output");
+                               snprintf(chain, sizeof(chain), "OUTPUT");
                        else
                                snprintf(chain, sizeof(chain), "zone_%s_output",
                                         rule->dest.name);