extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-01 15:35:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix bogus rule generation

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6488 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-08 16:08:55 +00:00
parent ea3d6e08d0
commit 32f8fbfc81
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall-perl/Shorewall/Chains.pm
View File

@ -235,12 +235,12 @@ our %targets = ('ACCEPT' => STANDARD,
# #
# expand_rule() restrictions # expand_rule() restrictions
# #
use constant { NO_RESTRICT => 0, # Both -i and -o may be used in the rule use constant { NO_RESTRICT => 0, # FORWARD chain rule - Both -i and -o may be used in the rule
PREROUTE_RESTRICT => 1, # PREROUTING chain rule - -o converted to -d <address list> using main routing table PREROUTE_RESTRICT => 1, # PREROUTING chain rule - -o converted to -d <address list> using main routing table
INPUT_RESTRICT => 4, # INPUT chain rule - -o not allowed INPUT_RESTRICT => 4, # INPUT chain rule - -o not allowed
OUTPUT_RESTRICT => 8, # OUTPUT chain rule - -i not allowed OUTPUT_RESTRICT => 8, # OUTPUT chain rule - -i not allowed
POSTROUTE_RESTRICT => 16, # POSTROUTING chain rule - -i converted to -s <address list> using main routing table POSTROUTE_RESTRICT => 16, # POSTROUTING chain rule - -i converted to -s <address list> using main routing table
ALL_RESTRICT => 12 # INPUT_RESTRICT + OUTPUT_RESTRICT (fw->fw rule - neither -i nor -o allowed) ALL_RESTRICT => 12 # fw->fw rule - neither -i nor -o allowed
}; };
# #
# Used to sequence 'exclusion' chains with names 'excl0', 'excl1', ... # Used to sequence 'exclusion' chains with names 'excl0', 'excl1', ...

4
Shorewall-perl/Shorewall/Rules.pm
View File

@ -1428,7 +1428,7 @@ sub generate_matrix() {
for my $host ( @$exclusions ) { for my $host ( @$exclusions ) {
my ( $interface, $net ) = split /:/, $host; my ( $interface, $net ) = split /:/, $host;
my $rule = match_source_dev( $interface ) . "-s $net -j RETURN"; my $rule = match_source_dev( $interface ) . match_source_net( $net ) . "-j RETURN";
add_rule $frwd_ref , $rule; add_rule $frwd_ref , $rule;
add_rule $in_ref , $rule; add_rule $in_ref , $rule;
add_rule $out_ref , $rule; add_rule $out_ref , $rule;
@ -1649,7 +1649,7 @@ sub generate_matrix() {
} }
$chain = $chain1; $chain = $chain1;
} else { } elsif ( $chain ne 'ACCEPT' ) {
insert_exclusions $chainref , $exclusions1; insert_exclusions $chainref , $exclusions1;
} }
} }