From b6ab442e1c72b5b2dc256b032a178cd4e65c00c0 Mon Sep 17 00:00:00 2001
From: Adam Glasgall <adam@crossproduct.net>
Date: Thu, 6 Jun 2013 23:24:25 -0400
Subject: [PATCH 1/1] fix iptables syntax so vnc works again

---
 debian/changelog                                   |    6 ++++++
 .../etc/invirt-iptables/rules.d/50-invirt-web.mako |    2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 3bcec0d..5ce1f40 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+invirt-web (0.1.32~glasgall2) precise; urgency=low
+
+  * Fix iptables syntax in 50-invirt-web.mako so VNC works.
+
+ -- Adam Glasgall <glasgall@mit.edu>  Thu, 06 Jun 2013 23:23:42 -0400
+
 invirt-web (0.1.32~glasgall1achernya1) precise; urgency=low
 
   * Switch to dh7
diff --git a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
index ad5c923..7082c13 100644
--- a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
+++ b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
@@ -10,7 +10,7 @@ server_port = host_port
 :POSTROUTING ACCEPT [8:674]
 :OUTPUT ACCEPT [8:674]
 % for h in cfg.hosts:
--A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}
+-A PREROUTING ! -s ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}
 -A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${host_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
 <% server_port += 1 %>\
 % endfor
-- 
1.7.9.5