Only add dhcp rule if one rpfilter interface has the 'dhcp' option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-12-22 22:30:58 +01:00 · 2015-07-03 12:21:04 -07:00 · 2015-07-03 12:21:04 -07:00 · c6f48a77e0
commit c6f48a77e0
parent e7792fc868
1 changed files with 14 additions and 7 deletions
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@ -920,13 +920,20 @@ sub add_common_rules ( $$ ) {

 	my $rpfilterref = ensure_mangle_chain( 'rpfilter' );

-	add_ijump( $rpfilterref,
-		   j        => 'RETURN',
-		   s        => NILIPv4,
-		   p        => UDP,
-		   dport    => 67,
-		   sport    => 68
-	    ) if $family == F_IPV4;
+	if ( $family == F_IPV4 ) {
+	    for $interface ( @$list ) {
+		if ( get_interface_option( $interface, 'dhcp' ) ) {
+		    add_ijump( $rpfilterref,
+			       j        => 'RETURN',
+			       s        => NILIPv4,
+			       p        => UDP,
+			       dport    => 67,
+			       sport    => 68
+			);
+		    last;
+		}
+	    }
+	}

 	add_ijump( $rpfilterref,
 		   j        => $target,