only remove masquerade roles for VIR_NETWORK_FORWARD_NAT

Fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549949

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 905c498c76107f858aa435c15dd366de3fd61ac6..0342aa082ad517006a96b679da6872e6a4d73acb 100644 (file)
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -783,16 +783,15 @@ static void
 networkRemoveIptablesRules(struct network_driver *driver,
                          virNetworkObjPtr network) {
     if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE) {
-        iptablesRemoveForwardMasquerade(driver->iptables,
-                                        network->def->network,
-                                        network->def->forwardDev);
-
-        if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT)
+        if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT) {
+            iptablesRemoveForwardMasquerade(driver->iptables,
+                                                network->def->network,
+                                                network->def->forwardDev);
             iptablesRemoveForwardAllowRelatedIn(driver->iptables,
                                                 network->def->network,
                                                 network->def->bridge,
                                                 network->def->forwardDev);
-        else if (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)
+        } else if (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)
             iptablesRemoveForwardAllowIn(driver->iptables,
                                          network->def->network,
                                          network->def->bridge,