mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-14 01:28:13 +01:00
First cut at a fix for 'detectnets' bridges
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6723 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
fac2590efd
commit
ba8410b788
@ -1500,6 +1500,7 @@ sub generate_matrix() {
|
||||
my $source_hosts_ref = $zoneref->{hosts};
|
||||
my $chain1 = rules_target $firewall_zone , $zone;
|
||||
my $chain2 = rules_target $zone, $firewall_zone;
|
||||
my $chain3 = rules_target $zone, $zone;
|
||||
my $complex = $zoneref->{options}{complex} || 0;
|
||||
my $type = $zoneref->{type};
|
||||
my $exclusions = $zoneref->{exclusions};
|
||||
@ -1565,8 +1566,12 @@ sub generate_matrix() {
|
||||
|
||||
if ( $chain1 ) {
|
||||
for my $interface ( keys %needbroadcast ) {
|
||||
add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1";
|
||||
add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1";
|
||||
add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1";
|
||||
add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1";
|
||||
if ( $chain3 eq "${zone}2${zone}" || $chain3 eq 'ACCEPT' ) {
|
||||
my $match = match_dest_dev $interface;
|
||||
add_rule $filter_table->{forward_chain $interface} , "$match -m addrtype --dst-type BROADCAST -j $chain3"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
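Review bot: The forward rule added inside the `%needbroadcast` loop matches only the destination device and `--dst-type BROADCAST` before jumping to `$chain3`, and `$chain3` may be the bare `ACCEPT` target, so the rule itself places no constraint on the source address. For a 'detectnets' zone, whose membership appears to be defined by source network, this looks wider than the zone unless the interface's forward chain already restricts the source earlier. Either add the zone's source match to the rule, or record the assumption with a comment such as `# no source match here: relies on the forward chain having limited traffic to zone hosts`. Separately, `$chain1` is tested for truth before use but `$chain3` goes straight into `eq`, so if `rules_target` can return an empty or undefined value the guard should read `if ( $chain3 && ( $chain3 eq "${zone}2${zone}" || $chain3 eq 'ACCEPT' ) )`. `generate_matrix` starts and ends outside these hunks, so the rule's position relative to the rest of the chain cannot be checked from here.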
@ -4138,6 +4138,7 @@ activate_rules()
|
||||
|
||||
chain1=$(rules_chain $FW $zone)
|
||||
chain2=$(rules_chain $zone $FW)
|
||||
chain3=$(rules_chain $zone $zone)
|
||||
|
||||
eval complex=\$${zone}_is_complex
|
||||
eval type=\$${zone}_type
|
||||
@ -4211,6 +4212,9 @@ activate_rules()
|
||||
for interface in $need_broadcast ; do
|
||||
run_iptables -A $(out_chain $interface) -d 255.255.255.255 -j $chain1
|
||||
run_iptables -A $(out_chain $interface) -d 224.0.0.0/4 -j $chain1
|
||||
if [ $chain3 = ACCEPT -o $chain3 = "${zone}2${zone}" ]; then
|
||||
run_iptables -A $(forward_chain $interface) $(match_dest_dev $interface) -d 255.255.255.255 -j $chain3;
|
||||
fi
|
||||
done
|
||||
fi
|
||||
#
|
||||
|
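Review bot: The new test `[ $chain3 = ACCEPT -o $chain3 = "${zone}2${zone}" ]` expands `$chain3` unquoted, so an empty result from `rules_chain $zone $zone` turns it into a malformed `[` expression that prints an error and silently skips the rule. Quoting and splitting it avoids both that and the obsolescent `-o`: `if [ "$chain3" = ACCEPT ] || [ "$chain3" = "${zone}2${zone}" ]; then`. The forward rule matches `-d 255.255.255.255` with no source match and may jump straight to `ACCEPT`, so it is worth a comment stating that the forward chain is expected to have limited traffic to zone hosts already. The literal address covers only the limited broadcast, whereas the Perl hunk on this page uses `-m addrtype --dst-type BROADCAST`; if the difference is deliberate, say so in a comment. The trailing `;` on the `run_iptables` line is stray, and `activate_rules` extends beyond the hunk on both sides.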