Correct handling of broadcast addresses in MAC verification

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@784 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2003-10-31 15:30:07 +00:00
parent c334e92103
commit 306ca3718f


@ -1462,28 +1462,19 @@ setup_mac_lists() {
# #
for interface in $maclist_interfaces; do for interface in $maclist_interfaces; do
chain=`mac_chain $interface` chain=`mac_chain $interface`
blob=`ip -f inet addr show $interface 2> /dev/null | grep inet | sed 's/inet //; s/brd //; s/scope.*//;'`
blob=`ip link show $interface 2> /dev/null`
[ -z "$blob" ] && \ [ -z "$blob" ] && \
fatal_error "Interface $interface must be up before Shorewall can start" fatal_error "Interface $interface must be up before Shorewall can start"
set -- $blob ip -f inet addr show $interface 2> /dev/null | grep inet | sed 's/inet //; s/brd //; s/scope.*//;' | while read address broadcast; do
if [ -n "$broadcast" ]; then
while [ $# -gt 0 ]; do run_iptables -A $chain -s ${address%/*} -d $broadcast -j RETURN
address=${1%/*} fi
case $1 in
*/32)
;;
*)
run_iptables -A $chain -s $address -d $2 -j RETURN
shift
;;
esac
run_iptables -A $chain -s $address -d 255.255.255.255 -j RETURN run_iptables -A $chain -s $address -d 255.255.255.255 -j RETURN
run_iptables -A $chain -s $address -d 224.0.0.0/4 -j RETURN run_iptables -A $chain -s $address -d 224.0.0.0/4 -j RETURN
shift
done done
if [ -n "$MACLIST_LOG_LEVEL" ]; then if [ -n "$MACLIST_LOG_LEVEL" ]; then