extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-26 04:32:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

First cut at a fix for 'detectnets' bridges

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6723 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-29 23:59:12 +00:00
parent fac2590efd
commit ba8410b788
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Shorewall-perl/Shorewall/Rules.pm
View File

@ -1500,6 +1500,7 @@ sub generate_matrix() {
my $source_hosts_ref = $zoneref->{hosts}; my $source_hosts_ref = $zoneref->{hosts};
my $chain1 = rules_target $firewall_zone , $zone; my $chain1 = rules_target $firewall_zone , $zone;
my $chain2 = rules_target $zone, $firewall_zone; my $chain2 = rules_target $zone, $firewall_zone;
my $chain3 = rules_target $zone, $zone;
my $complex = $zoneref->{options}{complex} || 0; my $complex = $zoneref->{options}{complex} || 0;
my $type = $zoneref->{type}; my $type = $zoneref->{type};
my $exclusions = $zoneref->{exclusions}; my $exclusions = $zoneref->{exclusions};
@ -1567,6 +1568,10 @@ sub generate_matrix() {
for my $interface ( keys %needbroadcast ) { for my $interface ( keys %needbroadcast ) {
add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1"; add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1";
add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1"; add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1";
if ( $chain3 eq "${zone}2${zone}" || $chain3 eq 'ACCEPT' ) {
my $match = match_dest_dev $interface;
add_rule $filter_table->{forward_chain $interface} , "$match -m addrtype --dst-type BROADCAST -j $chain3"
}
} }
} }

4
Shorewall-shell/compiler
View File

@ -4138,6 +4138,7 @@ activate_rules()
chain1=$(rules_chain $FW $zone) chain1=$(rules_chain $FW $zone)
chain2=$(rules_chain $zone $FW) chain2=$(rules_chain $zone $FW)
chain3=$(rules_chain $zone $zone)
eval complex=\$${zone}_is_complex eval complex=\$${zone}_is_complex
eval type=\$${zone}_type eval type=\$${zone}_type
@ -4211,6 +4212,9 @@ activate_rules()
for interface in $need_broadcast ; do for interface in $need_broadcast ; do
run_iptables -A $(out_chain $interface) -d 255.255.255.255 -j $chain1 run_iptables -A $(out_chain $interface) -d 255.255.255.255 -j $chain1
run_iptables -A $(out_chain $interface) -d 224.0.0.0/4 -j $chain1 run_iptables -A $(out_chain $interface) -d 224.0.0.0/4 -j $chain1
if [ $chain3 = ACCEPT -o $chain3 = "${zone}2${zone}" ]; then
run_iptables -A $(forward_chain $interface) $(match_dest_dev $interface) -d 255.255.255.255 -j $chain3;
fi
done done
fi fi
# #