mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 22:58:52 +01:00
Disallow destination interface in the OUTPUT chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
dd0f42c462
commit
642f192b3d
@ -6086,7 +6086,7 @@ sub verify_dest_interface( $$$$ ) {
|
||||
if ( $chainref->{accounting} ) {
|
||||
fatal_error "Destination Interface ($diface) not allowed in the $chainref->{name} chain";
|
||||
} else {
|
||||
fatal_error "Destination Interface ($diface) not allowed in the mangle OUTPUT chain";
|
||||
fatal_error "Destination Interface ($diface) not allowed in the $chainref->{table} OUTPUT chain";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -55,7 +55,7 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
|
||||
my $restriction = PREROUTE_RESTRICT;
|
||||
|
||||
if ( $chainref ) {
|
||||
$restriction = OUTPUT_RESTRICT if $chainref->{name} eq 'OUTPUT';
|
||||
$restriction = DESTIFACE_DISALLOW if $chainref->{name} eq 'OUTPUT';
|
||||
} else {
|
||||
#
|
||||
# Entry in the conntrack file
|
||||
|
@ -272,7 +272,9 @@
|
||||
<term>O</term>
|
||||
|
||||
<listitem>
|
||||
<para>The rule is added to the raw table OUTPUT chain.</para>
|
||||
<para>The rule is added to the raw table OUTPUT chain. When
|
||||
this <replaceable>chain-designator</replaceable> is used, an
|
||||
interface may not be specified in the DEST column.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -281,7 +283,9 @@
|
||||
|
||||
<listitem>
|
||||
<para>The rule is added to the raw table PREROUTING and OUTPUT
|
||||
chains.</para>
|
||||
chains. When this <replaceable>chain-designator</replaceable>
|
||||
is used, an interface may not be specified in the DEST
|
||||
column.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
Loading…
Reference in New Issue
Block a user