Exempt wildcard interfaces from sfilter

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-06-14 06:45:22 -07:00
parent fb8f66af61
commit 4d08ad0eea


@ -548,7 +548,8 @@ sub add_common_rules() {
if ( @filters ) { if ( @filters ) {
add_jump( $chainref , $target1, ! $ipsec, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters; add_jump( $chainref , $target1, ! $ipsec, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters;
} elsif ( $interfaceref->{bridge} eq $interface ) { } elsif ( $interfaceref->{bridge} eq $interface ) {
add_jump( $chainref , $target1, ! $ipsec, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter}; add_jump( $chainref , $target1, ! $ipsec, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++
unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+';
} }
add_rule( $chainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" ), $chainref->{filtered}++ if $config{FASTACCEPT}; add_rule( $chainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" ), $chainref->{filtered}++ if $config{FASTACCEPT};
@ -559,7 +560,8 @@ sub add_common_rules() {
if ( @filters ) { if ( @filters ) {
add_jump( $chainref , $target, 1, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters; add_jump( $chainref , $target, 1, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters;
} elsif ( $interfaceref->{bridge} eq $interface ) { } elsif ( $interfaceref->{bridge} eq $interface ) {
add_jump( $chainref , $target, 1, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter}; add_jump( $chainref , $target, 1, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++
unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+';
} }
add_rule( $chainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" ), $chainref->{filtered}++ if $config{FASTACCEPT}; add_rule( $chainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" ), $chainref->{filtered}++ if $config{FASTACCEPT};
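Review bot: The added test on the `unless` lines of both hunks, `$interfaceref->{physical} eq '+'`, exempts only an interface whose physical name is exactly `+`; a name such as `eth+` still gets the `match_dest_dev` jump, although the commit title says "wildcard interfaces". If the narrower scope is intended, a comment above the first occurrence should say so, e.g. `# '+' alone matches every device, so an sfilter jump on it would catch all forwarded traffic` (presumably the reason; confirm). After this change, traffic forwarded back out through a `+` interface is no longer caught by the sfilter jump, so that case depends on whatever other rules cover it, which is worth documenting for operators. The three-part condition is now duplicated in both branches and could be computed once into a local, e.g. `my $exempt = $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+';`, placed ahead of them. add_common_rules begins and ends outside these hunks.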