| 1 | --- a/net/ipv4/netfilter/ip_tables.c |
| 2 | +++ b/net/ipv4/netfilter/ip_tables.c |
| 3 | @@ -84,9 +84,11 @@ ip_packet_match(const struct iphdr *ip, |
| 4 | if (ipinfo->flags & IPT_F_NO_DEF_MATCH) |
| 5 | return true; |
| 6 | |
| 7 | - if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr, |
| 8 | + if (FWINV(ipinfo->smsk.s_addr && |
| 9 | + (ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr, |
| 10 | IPT_INV_SRCIP) || |
| 11 | - FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr, |
| 12 | + FWINV(ipinfo->dmsk.s_addr && |
| 13 | + (ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr, |
| 14 | IPT_INV_DSTIP)) { |
| 15 | dprintf("Source or dest mismatch.\n"); |
| 16 | |
| 17 | |
