extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-18 23:57:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Routeback corrections

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-05-25 10:45:57 -07:00
parent e4d667ca6a
commit 6c3163cc27
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -636,8 +636,6 @@ sub apply_policy_rules() {
sub complete_standard_chain ( $$$$ ) { sub complete_standard_chain ( $$$$ ) {
my ( $stdchainref, $zone, $zone2, $default ) = @_; my ( $stdchainref, $zone, $zone2, $default ) = @_;
add_rule $stdchainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" unless $config{FASTACCEPT};
run_user_exit $stdchainref; run_user_exit $stdchainref;
my $ruleschainref = $filter_table->{rules_chain( ${zone}, ${zone2} ) } || $filter_table->{rules_chain( 'all', 'all' ) }; my $ruleschainref = $filter_table->{rules_chain( ${zone}, ${zone2} ) } || $filter_table->{rules_chain( 'all', 'all' ) };
@ -1217,11 +1215,16 @@ sub prevent_hairpins() {
for my $interface (all_interfaces) { for my $interface (all_interfaces) {
my $interfaceref = find_interface( $interface ); my $interfaceref = find_interface( $interface );
if ( $interfaceref->{bridge} eq $interface ) {
#
# It is not possible to block these attempts on a bridge :-(
#
add_jump( $filter_table->{forward_chain $interface}, add_jump( $filter_table->{forward_chain $interface},
$target, $target,
1, 1,
match_dest_dev( $interface ) ) match_dest_dev( $interface ) )
unless $interfaceref->{routefilter} || $interfaceref->{options}{routeback} || $interfaceref->{options}{ignore}; unless $interfaceref->{optiones}{routefilter} || $interfaceref->{options}{routeback} || $interfaceref->{options}{ignore};
}
} }
} }