From 81364a083802b7f2fda18e70c29be2936f537142 Mon Sep 17 00:00:00 2001
From: Sergey Sobko <SSobko@ptsecurity.com>
Date: Fri, 30 Sep 2016 07:30:20 -0700
Subject: [PATCH] iptables: destination address for TPROXY target

---
 NEWS     | 1 +
 src/ferm | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 00819d7..06c69b0 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@ v2.3.1 - not yet released
     * geoip
   - updated netfilter modules:
     * connlimit: add connlimit-upto, connlimit-saddr, connlimit-daddr
+    * TPROXY: add on-ip
   - @resolve returns IP addresses as-is
   - import-ferm: Perl 5.24 compatibility
 
diff --git a/src/ferm b/src/ferm
index 93d3efe..ea649a7 100755
--- a/src/ferm
+++ b/src/ferm
@@ -347,7 +347,7 @@ add_target_def 'TCPMSS', qw(set-mss clamp-mss-to-pmtu*0);
 add_target_def 'TCPOPTSTRIP', qw(strip-options=c);
 add_target_def 'TEE', qw(gateway);
 add_target_def 'TOS', qw(set-tos and-tos or-tos xor-tos);
-add_target_def 'TPROXY', qw(tproxy-mark on-port);
+add_target_def 'TPROXY', qw(tproxy-mark on-ip on-port);
 add_target_def 'TRACE';
 add_target_def 'TTL', qw(ttl-set ttl-dec ttl-inc);
 add_target_def 'ULOG', qw(ulog-nlgroup ulog-prefix ulog-cprange ulog-qthreshold);
-- 
2.11.4.GIT