The following task has a new comment added:
FS#248 - Firewall configuration: multiple negative masq_dest options do not work
User who did this - Jo-Philipp Wich (jow-)
----------
Fix to firewall3.git added with https://git.lede-project.org/097282e.
The following zone declaration:
config zone
option name test
option device foo0
option masq 1
list masq_src !1.1.1.1
list masq_src !1.1.2.2
list masq_src 1.1.3.3
list masq_src 1.1.4.4
list masq_dest !2.2.1.1
list masq_dest !2.2.2.2
list masq_dest 2.2.3.3
list masq_dest 2.2.4.4
... will yield the following rules now:
iptables -t nat -A zone_test_postrouting -s 1.1.1.1/255.255.255.255 -m id --id 0x66773300 -j RETURN
iptables -t nat -A zone_test_postrouting -s 1.1.2.2/255.255.255.255 -m id --id 0x66773300 -j RETURN
iptables -t nat -A zone_test_postrouting -d 2.2.1.1/255.255.255.255 -m id --id 0x66773300 -j RETURN
iptables -t nat -A zone_test_postrouting -d 2.2.2.2/255.255.255.255 -m id --id 0x66773300 -j RETURN
iptables -t nat -A zone_test_postrouting -s 1.1.3.3/255.255.255.255 -d 2.2.3.3/255.255.255.255 -m id --id 0x66773300 -j MASQUERADE
iptables -t nat -A zone_test_postrouting -s 1.1.3.3/255.255.255.255 -d 2.2.4.4/255.255.255.255 -m id --id 0x66773300 -j MASQUERADE
iptables -t nat -A zone_test_postrouting -s 1.1.4.4/255.255.255.255 -d 2.2.3.3/255.255.255.255 -m id --id 0x66773300 -j MASQUERADE
iptables -t nat -A zone_test_postrouting -s 1.1.4.4/255.255.255.255 -d 2.2.4.4/255.255.255.255 -m id --id 0x66773300 -j MASQUERADE
----------
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=248#comment737