mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-25 15:48:56 +01:00
Fix policy and maclist
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1547 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
af8baff5cb
commit
4292ef2e98
@ -44,3 +44,5 @@ Changes since 2.0.3
|
|||||||
20) No longer enforce source port 500 for ISAKMP.
|
20) No longer enforce source port 500 for ISAKMP.
|
||||||
|
|
||||||
21) Apply policy to interface/host options.
|
21) Apply policy to interface/host options.
|
||||||
|
|
||||||
|
22) Fix policy and maclist.
|
||||||
|
@ -1828,14 +1828,14 @@ setup_mac_lists() {
|
|||||||
# Generate jumps from the input and forward chains
|
# Generate jumps from the input and forward chains
|
||||||
#
|
#
|
||||||
for hosts in $maclist_hosts; do
|
for hosts in $maclist_hosts; do
|
||||||
ipsec=${hosst%^*}
|
ipsec=${hosts%^*}
|
||||||
hosts=${hosts#*^}
|
hosts=${hosts#*^}
|
||||||
[ -n $POLICY_MATCH ] && policy="-m policy --pol $ipsec --dir in" || policy=
|
[ -n $POLICY_MATCH ] && policy="-m policy --pol $ipsec --dir in" || policy=
|
||||||
interface=${hosts%%:*}
|
interface=${hosts%%:*}
|
||||||
hosts=${hosts#*:}
|
hosts=${hosts#*:}
|
||||||
for chain in $(first_chains $interface) ; do
|
for chain in $(first_chains $interface) ; do
|
||||||
run_iptables -A $chain $(match_source_hosts $hosts) -m state --state NEW \
|
run_iptables -A $chain $(match_source_hosts $hosts) -m state --state NEW \
|
||||||
-j $(mac_chain $interface)
|
$policy -j $(mac_chain $interface)
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user