Fix policy and maclist

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1547 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-08-16 18:00:53 +00:00
parent af8baff5cb
commit 4292ef2e98
2 changed files with 4 additions and 2 deletions

View File

@ -44,3 +44,5 @@ Changes since 2.0.3
20) No longer enforce source port 500 for ISAKMP. 20) No longer enforce source port 500 for ISAKMP.
21) Apply policy to interface/host options. 21) Apply policy to interface/host options.
22) Fix policy and maclist.

View File

@ -1828,14 +1828,14 @@ setup_mac_lists() {
# Generate jumps from the input and forward chains # Generate jumps from the input and forward chains
# #
for hosts in $maclist_hosts; do for hosts in $maclist_hosts; do
ipsec=${hosst%^*} ipsec=${hosts%^*}
hosts=${hosts#*^} hosts=${hosts#*^}
[ -n $POLICY_MATCH ] && policy="-m policy --pol $ipsec --dir in" || policy= [ -n $POLICY_MATCH ] && policy="-m policy --pol $ipsec --dir in" || policy=
interface=${hosts%%:*} interface=${hosts%%:*}
hosts=${hosts#*:} hosts=${hosts#*:}
for chain in $(first_chains $interface) ; do for chain in $(first_chains $interface) ; do
run_iptables -A $chain $(match_source_hosts $hosts) -m state --state NEW \ run_iptables -A $chain $(match_source_hosts $hosts) -m state --state NEW \
-j $(mac_chain $interface) $policy -j $(mac_chain $interface)
done done
done done
} }