fw4: fix another instance of invalid rule jump targets
authorJo-Philipp Wich <jo@mein.io>
Fri, 11 Aug 2023 00:11:15 +0000 (02:11 +0200)
committerJo-Philipp Wich <jo@mein.io>
Fri, 11 Aug 2023 00:11:15 +0000 (02:11 +0200)
Ensure that action-less rules don't jump anywhere; we still emitted an
invalid jump for destination (outbound) rules.

Ref: https://github.com/openwrt/firewall4/issues/5#issuecomment-1673574359
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
root/usr/share/ucode/fw4.uc

index cba7b024440749584f79a2affaadf6dedb2c2f91..e0748cc9288149744e007c9cfe155582b166371e 100644 (file)
@@ -2380,7 +2380,7 @@ return {
                        }
                }
 
-               let need_src_action_chain = (rule) => (rule.src?.zone?.log && rule.target && rule.target != "accept");
+               let need_src_action_chain = (rule) => (rule.src?.zone?.log && rule.target != "accept");
 
                let add_rule = (family, proto, saddrs, daddrs, sports, dports, icmptypes, icmpcodes, ipset, rule) => {
                        let r = {
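Review bot: With the `rule.target &&` term dropped, `need_src_action_chain` is now truthy for an action-less rule whose source zone has logging enabled, because an unset target compares unequal to "accept". The call site in the second hunk compensates with its own `r.target &&`, but any other caller outside the visible hunks would again build a chain name from an unset target. Keeping the check in the helper costs nothing and holds the invariant in one place: `(rule.target && rule.src?.zone?.log && rule.target != "accept")`. The enclosing block starts and ends outside the hunk.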
@@ -2478,11 +2478,11 @@ return {
                                                r.chain = "output";
                                }
 
-                               if (r.dest && !r.dest.any) {
+                               if (r.target && r.dest && !r.dest.any) {
                                        r.jump_chain = `${r.target}_to_${r.dest.zone.name}`;
                                        r.dest.zone.dflags[r.target] = true;
                                }
-                               else if (need_src_action_chain(r)) {
+                               else if (r.target && need_src_action_chain(r)) {
                                        r.jump_chain = `${r.target}_from_${r.src.zone.name}`;
                                        r.src.zone.sflags[r.target] = true;
                                }
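Review bot: The `r.target` test is repeated in both the `r.dest` branch and the `need_src_action_chain` branch, and nothing states why it is needed. A short comment above the first condition would record the reason, for example `// rules without a target must not jump: the chain name is built from r.target`, and wrapping both branches in a single `if (r.target) { … }` would state the guard once. Presumably a jump to a chain that is never created makes the generated ruleset fail to load, so a test case with an action-less rule and a specific destination zone would be worth adding to catch a regression. The enclosing function starts and continues outside the hunk.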