From 4292ef2e988f1b5a21adce2247de127baf37c18a Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 16 Aug 2004 18:00:53 +0000 Subject: [PATCH] Fix policy and maclist git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1547 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall2/changelog.txt | 2 ++ Shorewall2/firewall | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt index a6ac3bb16..712c495c5 100644 --- a/Shorewall2/changelog.txt +++ b/Shorewall2/changelog.txt @@ -44,3 +44,5 @@ Changes since 2.0.3 20) No longer enforce source port 500 for ISAKMP. 21) Apply policy to interface/host options. + +22) Fix policy and maclist. diff --git a/Shorewall2/firewall b/Shorewall2/firewall index 26f0552f0..aee27f959 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -1828,14 +1828,14 @@ setup_mac_lists() { # Generate jumps from the input and forward chains # for hosts in $maclist_hosts; do - ipsec=${hosst%^*} + ipsec=${hosts%^*} hosts=${hosts#*^} [ -n $POLICY_MATCH ] && policy="-m policy --pol $ipsec --dir in" || policy= interface=${hosts%%:*} hosts=${hosts#*:} for chain in $(first_chains $interface) ; do run_iptables -A $chain $(match_source_hosts $hosts) -m state --state NEW \ - -j $(mac_chain $interface) + $policy -j $(mac_chain $interface) done done }