From bebaec1edc66719a919036a41278d7b1ee23f2d7 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sat, 30 Jun 2007 00:36:34 +0000
Subject: [PATCH] Final cut at bridge/detectnets

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6725 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Rules.pm | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index c927f8f4f..11b3cbcb7 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -1558,23 +1558,18 @@ sub generate_matrix() {
 add_rule $filter_table->{forward_chain $interface} , join( '', $source, $ipsec_in_match. "-j $frwd_ref->{name}" ) if $complex && $hostref->{ipsec} ne 'ipsec';
- $needbroadcast{$interface} = $source if get_interface_option $interface, 'detectnets';
+ $needbroadcast{$interface}{$source} = 1 if get_interface_option $interface, 'detectnets';
 }
 }
 }
 }
- for my $interface ( keys %needbroadcast ) {
- if ( $chain1 ) {
+
+ if ( $chain1 ) {
+ for my $interface ( keys %needbroadcast ) {
 add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1";
 add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1";
 }
-
- if ( $chain3 ) {
- my $match = match_dest_dev $interface;
- my $source = $needbroadcast{$interface};
- add_rule $filter_table->{forward_chain $interface} , "${match}${source}-m addrtype --dst-type BROADCAST -j $chain3"
- }
 }
 # # F O R W A R D I N G
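Review bot: `%needbroadcast` changes shape at the `$needbroadcast{$interface}{$source} = 1` line, from one source string per interface to a set of source matches per interface, and nothing on the new side records that. A short comment at that assignment would help, for example `# interface => { source match => 1 }; every source is kept, not only the last one seen`, because the keys are preformatted match strings that a later rule splices in verbatim as `${source}-m addrtype`. The hoisted `if ( $chain1 )` loop reads only the interface keys, so it is unaffected by the new shape. The declaration of `%needbroadcast` and the rest of generate_matrix lie outside the hunk.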
@@ -1660,6 +1655,14 @@ sub generate_matrix() {
 # no warnings;
 next ZONE1 if ( $num_ifaces = %{$zoneref->{interfaces}} ) < 2 && ! ( $zoneref->{options}{in_out}{routeback} || @$exclusions );
+ while ( my ($interface, $sourceref) = ( each %needbroadcast ) ) {
+
+ if ( get_interface_option( $interface, 'bridge' ) ) {
+ for my $source ( keys %$sourceref ) {
+ add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-m addrtype --dst-type BROADCAST -j $chain3" if $chain3;
+ }
+ }
+ }
 }
 if ( $zone1ref->{type} eq 'bport4' ) {
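Review bot: The added loop tests `$chain3` once per source, as a postfix on `add_rule`, so with no `$chain3` it still walks every interface and calls `get_interface_option` for nothing; wrapping the loop in `if ( $chain3 ) {` would match the way the first hunk hoists `if ( $chain1 )`. Iterating with `each %needbroadcast` leaves the iterator state on the hash itself, so `for my $interface ( keys %needbroadcast ) {`, as the first hunk uses, would stay correct if an early exit is ever added inside the loop. The rule text also hard-codes `-o $interface` where the removed code called `match_dest_dev $interface`; that helper is not visible here, so if it emits anything beyond a plain `-o` match, that part of the match is lost. The loop sits after the `next ZONE1 if ...` line, so it only runs when that test does not skip the zone, which deserves a one-line comment saying this is intended. The enclosing block and generate_matrix begin and end outside the hunk.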