extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-11 12:16:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

Don't add broadcasts to /0 groups

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1095 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-01-28 00:52:03 +00:00
parent a57c778928
commit d116d04fb8
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/changelog.txt
View File

@ -15,3 +15,7 @@ Changes since 1.4.9
limiting (with an assist from Steven Jan Springl). limiting (with an assist from Steven Jan Springl).
7) Silently drop smurfs and broadcasts in the 'reject' chain. 7) Silently drop smurfs and broadcasts in the 'reject' chain.
8) Add multicast to 'detectnets' zones.
9) Don't add broadcasts to /0 groups.

9
Shorewall/firewall
View File

@ -4888,14 +4888,17 @@ activate_rules()
[ -n "$complex" ] && \ [ -n "$complex" ] && \
run_iptables -A `forward_chain $interface` -s $subnet -j $frwd_chain run_iptables -A `forward_chain $interface` -s $subnet -j $frwd_chain
if ! list_search $interface $need_broadcast ; then if [ "$subnet" != 0.0.0.0/0 ]; then
eval options=\$`chain_base ${interface}`_options if ! list_search $interface $need_broadcast ; then
list_search detectnets $options && need_broadcast="$need_broadcast $interface" eval options=\$`chain_base ${interface}`_options
list_search detectnets $options && need_broadcast="$need_broadcast $interface"
fi
fi fi
done done
for interface in $need_broadcast ; do for interface in $need_broadcast ; do
run_iptables -A OUTPUT -o $interface -d 255.255.255.255 -j $chain1 run_iptables -A OUTPUT -o $interface -d 255.255.255.255 -j $chain1
run_iptables -A OUTPUT -o $interface -d 224.0.0.0/4 -j $chain1
done done
for zone1 in $zones; do for zone1 in $zones; do