extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-08 10:47:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Exempt IPv4 DHCP broadcasts from rpfilter

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-07-03 10:03:03 -07:00
parent c47abe416a
commit e7792fc868
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -918,12 +918,22 @@ sub add_common_rules ( $$ ) {
$target = $policy eq 'REJECT' ? 'reject' : $policy; $target = $policy eq 'REJECT' ? 'reject' : $policy;
} }
add_ijump( ensure_mangle_chain( 'rpfilter' ), my $rpfilterref = ensure_mangle_chain( 'rpfilter' );
add_ijump( $rpfilterref,
j => 'RETURN',
s => NILIPv4,
p => UDP,
dport => 67,
sport => 68
) if $family == F_IPV4;
add_ijump( $rpfilterref,
j => $target, j => $target,
rpfilter => '--validmark --invert', rpfilter => '--validmark --invert',
state_imatch 'NEW,RELATED,INVALID', state_imatch 'NEW,RELATED,INVALID',
@ipsec @ipsec
); );
} }
run_user_exit1 'initdone'; run_user_exit1 'initdone';