
First cut at a fix for 'detectnets' bridges

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6723 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-06-29 23:59:12 +00:00
parent fac2590efd
commit ba8410b788
2 changed files with 11 additions and 2 deletions
Shorewall-perl/Shorewall
Shorewall-shell


@ -1500,6 +1500,7 @@ sub generate_matrix() {
my $source_hosts_ref = $zoneref->{hosts};
my $chain1 = rules_target $firewall_zone , $zone;
my $chain2 = rules_target $zone, $firewall_zone;
my $chain3 = rules_target $zone, $zone;
my $complex = $zoneref->{options}{complex} || 0;
my $type = $zoneref->{type};
my $exclusions = $zoneref->{exclusions};
@ -1565,8 +1566,12 @@ sub generate_matrix() {
if ( $chain1 ) {
for my $interface ( keys %needbroadcast ) {
add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1";
add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1";
add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1";
add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1";
if ( $chain3 eq "${zone}2${zone}" || $chain3 eq 'ACCEPT' ) {
my $match = match_dest_dev $interface;
add_rule $filter_table->{forward_chain $interface} , "$match -m addrtype --dst-type BROADCAST -j $chain3"
}
}
}
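Review bot: The new `$chain3 eq ...` test in the broadcast loop treats the result of `rules_target $zone, $zone` as always defined, although the enclosing `if ( $chain1 )` suggests the same helper can return a false value. If it can be undef, guard it the same way, `if ( $chain3 && ( $chain3 eq "${zone}2${zone}" || $chain3 eq 'ACCEPT' ) ) {`, so the comparison cannot raise an uninitialized-value warning where warnings are enabled. The added forward-chain rule also deserves a comment saying why intra-zone broadcast is handed to `$chain3` only in these two cases and why 224.0.0.0/4 is not handled here as it is on the output chain; with `ACCEPT` this line widens what is forwarded back out the same interface. The `add_rule` call is missing its terminating semicolon, and generate_matrix's body continues outside the hunks shown.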


@ -4138,6 +4138,7 @@ activate_rules()
chain1=$(rules_chain $FW $zone)
chain2=$(rules_chain $zone $FW)
chain3=$(rules_chain $zone $zone)
eval complex=\$${zone}_is_complex
eval type=\$${zone}_type
@ -4211,6 +4212,9 @@ activate_rules()
for interface in $need_broadcast ; do
run_iptables -A $(out_chain $interface) -d 255.255.255.255 -j $chain1
run_iptables -A $(out_chain $interface) -d 224.0.0.0/4 -j $chain1
if [ $chain3 = ACCEPT -o $chain3 = "${zone}2${zone}" ]; then
run_iptables -A $(forward_chain $interface) $(match_dest_dev $interface) -d 255.255.255.255 -j $chain3;
fi
done
fi
#
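Review bot: `$chain3` is unquoted in the new `[ ... ]` test, so an empty result from `rules_chain $zone $zone` makes `test` fail with a syntax error instead of taking the false branch, and `-o` is marked obsolescent by POSIX. Write it as `if [ "$chain3" = ACCEPT ] || [ "$chain3" = "${zone}2${zone}" ]; then`, and drop the stray `;` after the `run_iptables` line. The rule matches `-d 255.255.255.255`, while the Perl compiler's counterpart in this commit uses `-m addrtype --dst-type BROADCAST`, which also covers subnet-directed broadcasts; if the two compilers are meant to emit equivalent rule sets, the difference should be documented in a comment. activate_rules starts and ends outside the hunks shown.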