Correct the behavior of rpfilter when FASTACCEPT=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
72869adcd6
commit
58700b2301
@ -843,26 +843,28 @@ sub add_common_rules ( $ ) {
|
|||||||
|
|
||||||
my $interfaceref = find_interface $interface;
|
my $interfaceref = find_interface $interface;
|
||||||
|
|
||||||
unless ( $interfaceref->{options}{ignore} & NO_SFILTER || $interfaceref->{options}{rpfilter} || $interfaceref->{physical} eq 'lo' ) {
|
unless ( $interfaceref->{physical} eq 'lo' ) {
|
||||||
|
unless ( $interfaceref->{options}{ignore} & NO_SFILTER || $interfaceref->{options}{rpfilter} ) {
|
||||||
|
|
||||||
my @filters = @{$interfaceref->{filter}};
|
my @filters = @{$interfaceref->{filter}};
|
||||||
|
|
||||||
$chainref = $filter_table->{forward_option_chain $interface};
|
$chainref = $filter_table->{forward_option_chain $interface};
|
||||||
|
|
||||||
if ( @filters ) {
|
if ( @filters ) {
|
||||||
add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
|
add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
|
||||||
} elsif ( $interfaceref->{bridge} eq $interface ) {
|
} elsif ( $interfaceref->{bridge} eq $interface ) {
|
||||||
add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_dest_dev( $interface ), @ipsec ), $chainref->{filtered}++
|
add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_dest_dev( $interface ), @ipsec ), $chainref->{filtered}++
|
||||||
unless( $config{ROUTE_FILTER} eq 'on' ||
|
unless( $config{ROUTE_FILTER} eq 'on' ||
|
||||||
$interfaceref->{options}{routeback} ||
|
$interfaceref->{options}{routeback} ||
|
||||||
$interfaceref->{options}{routefilter} ||
|
$interfaceref->{options}{routefilter} ||
|
||||||
$interfaceref->{physical} eq '+' );
|
$interfaceref->{physical} eq '+' );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if ( @filters ) {
|
if ( @filters ) {
|
||||||
$chainref = $filter_table->{input_option_chain $interface};
|
$chainref = $filter_table->{input_option_chain $interface};
|
||||||
add_ijump( $chainref , g => $target, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
|
add_ijump( $chainref , g => $target, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for ( option_chains( $interface ) ) {
|
for ( option_chains( $interface ) ) {
|
||||||
|
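Review bot: The fix rests entirely on brace placement and nothing in the new code says so: counting braces on the new side, the `for ( option_chains( $interface ) )` loop now sits inside the outer `unless ( $interfaceref->{physical} eq 'lo' )` but outside the inner `unless`, whereas before it was skipped whenever NO_SFILTER or rpfilter was set. The page has lost indentation, so this is inferred from the braces alone. I would add a comment on the inner block such as `# sfilter jumps only; the option_chains loop below must still run for rpfilter/NO_SFILTER interfaces`, and mark the added closing brace `} # unless NO_SFILTER || rpfilter`, so a later re-indent or merge does not fold the loop back under the anti-spoofing condition. The inner test would also read more safely as `( $interfaceref->{options}{ignore} & NO_SFILTER ) || $interfaceref->{options}{rpfilter}`, making the `&`-before-`||` grouping explicit. The loop body and the close of the outer block lie outside the hunk, so what is now emitted for rpfilter interfaces cannot be checked from here.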