From b15d3998fc9cbc6fbaa5f54596cf6ae4af80c6b4 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Wed, 15 Jan 2020 10:41:29 -0500
Subject: [PATCH 20/37] fix: rich: source/dest only matching with mark action

We need to make sure the pre-requisite chains exist before generating
the rule for the mark action.

Fixes: #567
(cherry picked from commit 4997385a269b2128281f346ba6e049a41767d165)
(cherry picked from commit 16c70554005a2a8dc7947c94f0fcc7cc401de3d0)
---
 src/firewall/core/fw_zone.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index cbb80f09e02f..5cda560a30e1 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1720,6 +1720,8 @@ class FirewallZone(object):
             elif rule.element is None:
                 if enable:
                     transaction.add_chain(zone, "filter", "INPUT")
+                if enable and type(rule.action) == Rich_Mark:
+                    transaction.add_chain(zone, "mangle", "PREROUTING")
 
                 rules = backend.build_zone_rich_source_destination_rules(
                             enable, zone, rule)
-- 
2.23.0