From 897a7b55b6e182ddf93ee45e8970c01714b5aebe Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Sun, 22 Apr 2007 15:26:47 +0000
Subject: [PATCH] Another fix for 'detectnets'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6061 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Rules.pm | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index b4409d870..677f56be2 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -1437,6 +1437,7 @@ sub generate_matrix() {
 	my $need_broadcast   = {}; ### Fixme ###
 	my $frwd_ref         = 0;
 	my $chain            = 0;
+	my %needbroadcast;
 
 	if ( $complex ) {
 	    $frwd_ref = $filter_table->{"${zone}_frwd"};
@@ -1486,10 +1487,20 @@ sub generate_matrix() {
 
 			add_rule $filter_table->{forward_chain $interface} , join( '', $source, $ipsec_in_match. "-j $frwd_ref->{name}" )
 			    if $complex && $hostref->{ipsec} ne 'ipsec';
+
+			$needbroadcast{$interface} = 1 if get_interface_option $interface, 'detectnets';
 		    }
 		}
 	    }
 	}
+
+	if ( $chain1 ) {
+	    for my $interface ( keys %needbroadcast ) {
+		add_rule filter_table{out_chain $interface} , "-d 255.255.255.255 -j $chain1";
+		add_rule filter_table{out_chain $interface} , "-d 224.0.0.0/4     -j $chain1";
+	    }
+	}
+
 	#
 	#                           F O R W A R D I N G
 	#