Bug#345170: fiaif: FIAIF NAT's any computer in any zone

2005-12-30 Bastian Kleineidam
Hi,

I cannot reproduce this with a default config. Both zone.int and zone.tun are enabled with the following rule:

    SNAT[0]="EXT ALL 0.0.0.0/0=>0.0.0.0/0"

Now looking at the result:

    $ iptables -t nat -nvL
    Chain POSTROUTING_NAT_EXT (1 references)
    pkt

Bug#345170: fiaif: FIAIF NAT's any computer in any zone file if any other zone is set to nat 0.0.0.0/0 to 0.0.0.0/0

2005-12-29 Laurent CARON
Package: fiaif
Version: 1.20.0-2
Severity: critical
Tags: security
Justification: root security hole

Facts:
FIAIF with 3 zones
zone.tun
zone.int
zone.ext

zone.tun is used for a tun device
zone.int is for the internal lan
zone.ext is for the internet

zone.int settings:
SNAT[0]="EXT ALL 192.168