From b4d6c866857b82df4942e835fab1700dea7a4141 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 4 Jul 2007 15:45:19 +0000 Subject: [PATCH] Fix multicast through routeback/detectnets/bridge interfaces git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6781 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/releasenotes.txt | 8 ++++---- Shorewall-perl/Shorewall/Rules.pm | 1 + Shorewall-shell/compiler | 1 + Shorewall-shell/diff-3.4-compiler | 30 +++++++++++++++++------------- 4 files changed, 23 insertions(+), 17 deletions(-) diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index 116e24160..c74610fc2 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -25,10 +25,10 @@ Shorewall 4.0.0 RC 1 Problems corrected in 4.0.0 Beta 7. 1) If 'routeback' and 'detectnets' were specified on an interface, - limited broadcasts (to 255.255.255.255) were dropped when forwarded - through the interface. This could cause broadcast-based - applications to fail when running through a bridge with - 'detectnets'. + limited broadcasts (to 255.255.255.255) and multicasts were dropped + when forwarded through the interface. This could cause broadcast + and multicast based applications to fail when running through a + bridge with 'detectnets'. 2) Entries in the hosts file are now more carefully validated. Previously, very obvious errors would result in run-time diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index 5749a336c..f80bcdec9 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm 
@@ -1662,6 +1662,7 @@ sub generate_matrix() { if ( get_interface_option( $interface, 'bridge' ) ) { for my $source ( keys %$sourceref ) { add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-d 255.255.255.255 -j $chain3"; + add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-d 224.0.0.0/4 -j $chain3"; } } } diff --git a/Shorewall-shell/compiler b/Shorewall-shell/compiler index 319170c4c..0b6b81b81 100755 --- a/Shorewall-shell/compiler +++ b/Shorewall-shell/compiler @@ -4365,6 +4365,7 @@ activate_rules() iface=$(chain_base $interface) eval source=\"\$need_bcast_$iface\" run_iptables -A $(forward_chain $interface) $source $(match_dest_dev $interface) -d 255.255.255.255 -j $chain3; + run_iptables -A $(forward_chain $interface) $source $(match_dest_dev $interface) -d 224.0.0.0/4 -j $chain3; fi done fi diff --git a/Shorewall-shell/diff-3.4-compiler b/Shorewall-shell/diff-3.4-compiler index 650abc736..dab8905bc 100644 --- a/Shorewall-shell/diff-3.4-compiler +++ b/Shorewall-shell/diff-3.4-compiler @@ -1,16 +1,19 @@ ---- /home/teastep/shorewall/branches/3.4/Shorewall/compiler 2007-06-30 08:39:22.000000000 -0700 -+++ compiler 2007-07-02 10:15:12.000000000 -0700 -@@ -35,6 +35,9 @@ +--- /home/teastep/shorewall/branches/3.4/Shorewall/compiler 2007-07-04 08:07:46.000000000 -0700 ++++ compiler 2007-07-04 08:31:25.000000000 -0700 +@@ -35,6 +35,12 @@ # SHOREWALL_DIR A directory name was passed to /sbin/shorewall # VERBOSE Standard Shorewall verbosity control. -+MIN_COMMON_VERSION=40000 -+MIN_COMMON_VERSION_PRINTABLE=4.0.0 ++BASE_VERSION=40000 ++BASE_VERSION_PRINTABLE=4.0.0 ++CONFIG_VERSION=40000 ++CONFIG_VERSION_PRINTABLE=4.0.0 ++ + # # Fatal error -- stops the compiler after issuing the error message # -@@ -673,11 +676,11 @@ +@@ -673,11 +679,11 @@ progress_message2 "Compiling IP Forwarding..." case "$IP_FORWARDING" in 
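Review bot: The added `add_rule` for `-d 224.0.0.0/4` inside the `for my $source` loop of generate_matrix hands the entire multicast range to `$chain3` without any comment saying that this breadth is intended. What `$chain3` resolves to is set outside the hunk, so if it is an accepting intra-zone chain, every multicast group is now forwarded through the bridge for each detected source net. I would put a comment above the two rules, e.g. `# With routeback+detectnets, limited broadcast and multicast were dropped on forward; send both to $chain3 explicitly`, so a later reader does not narrow or remove one of them by accident. The two calls differ only in the destination and could be a single call inside `for my $dest ( '255.255.255.255', '224.0.0.0/4' ) { ... }`. The same literal is duplicated in the activate_rules() hunk of Shorewall-shell/compiler, and both functions begin before their hunks.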
@@ -24,7 +27,7 @@ save_progress_message "IP Forwarding Disabled!" save_command "echo 0 > /proc/sys/net/ipv4/ip_forward" ;; -@@ -3767,7 +3770,7 @@ +@@ -3767,7 +3773,7 @@ save_progress_message "Setting up Route Filtering..." @@ -33,7 +36,7 @@ indent >&3 << __EOF__ for f in /proc/sys/net/ipv4/conf/*; do -@@ -3791,8 +3794,10 @@ +@@ -3791,8 +3797,10 @@ save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter" @@ -45,7 +48,7 @@ fi save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache" -@@ -3808,7 +3813,7 @@ +@@ -3808,7 +3816,7 @@ save_progress_message "Setting up Martian Logging..." @@ -54,7 +57,7 @@ indent >&3 << __EOF__ for f in /proc/sys/net/ipv4/conf/*; do -@@ -3831,9 +3836,12 @@ +@@ -3831,9 +3839,12 @@ __EOF__ done @@ -68,7 +71,7 @@ fi fi -@@ -4889,7 +4897,7 @@ +@@ -4890,7 +4901,7 @@ ;; esac @@ -77,13 +80,14 @@ } progress_message2 "Initializing..." -@@ -5731,6 +5739,10 @@ +@@ -5732,6 +5743,11 @@ fi done +VERSION=$(cat $SHELLSHAREDIR/version) + -+[ $SHOREWALL_LIBVERSION -ge $MIN_COMMON_VERSION ] || fatal_error "Shorewall-shell $VERSION requires Shorewall-common >= $MIN_COMMON_VERSION_PRINTABLE" ++[ "$SHOREWALL_LIBVERSION" -eq $BASE_VERSION ] || fatal_error "Shorewall-shell $VERSION requires Shorewall-common lib.base version $BASE_VERSION_PRINTABLE" ++[ "$SHOREWALL_CONFIGVERSION" -eq $CONFIG_VERSION ] || fatal_error "Shorewall-shell $VERSION requires Shorewall-common lib.config version $CONFIG_VERSION_PRINTABLE" + PROGRAM=compiler