From ea21d61f39c427298d9c4f0789594e0522fed10d Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 12 Nov 2013 08:41:58 -0800
Subject: [PATCH] Correct Broadcast Actions
- Delete --dst-type BROADCAST from IPv6
- Suppress superfluous multicast rule
Signed-off-by: Tom Eastep
---
 Shorewall/action.Broadcast | 6 +++---
 Shorewall6/action.Broadcast | 9 ++++-----
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/Shorewall/action.Broadcast b/Shorewall/action.Broadcast
index 96623ae9a..620a6b012 100644
--- a/Shorewall/action.Broadcast
+++ b/Shorewall/action.Broadcast
@@ -64,10 +64,10 @@ if ( have_capability( 'ADDRTYPE' ) ) {
 add_jump $chainref, $target, 0, "-d \$address ";
 decr_cmd_level $chainref;
 add_commands $chainref, 'done';
-}
-log_rule_limit $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
-add_jump $chainref, $target, 0, '-d 224.0.0.0/4 ';
+ log_rule_limit $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
+ add_jump $chainref, $target, 0, '-d 224.0.0.0/4 ';
+}
 1;
diff --git a/Shorewall6/action.Broadcast b/Shorewall6/action.Broadcast
index bbbd14834..7fa0d179f 100644
--- a/Shorewall6/action.Broadcast
+++ b/Shorewall6/action.Broadcast
@@ -1,5 +1,5 @@
 #
-# Shorewall 4 - Broadcast Action
+# Shorewall 4 - Multicast/Anycast Action
 #
 # /usr/share/shorewall/action.Broadcast
 #
@@ -46,7 +46,6 @@ fatal_error "Invalid parameter to action Broadcast" if supplied $audit && $aud
 if ( have_capability( 'ADDRTYPE' ) ) {
 if ( $level ne '' ) {
- log_rule_limit $level, $chainref, 'dropBcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type BROADCAST ';
 log_rule_limit $level, $chainref, 'dropBcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type MULTICAST ';
 log_rule_limit $level, $chainref, 'dropBcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type ANYCAST ';
 }
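Review bot: In Shorewall/action.Broadcast (@@ -64,10 +64,10 @@) the 224.0.0.0/4 log and jump now sit inside the block closed by the moved `}`, so they are emitted only on what appears to be the non-ADDRTYPE fallback path. The ADDRTYPE branch of this file is outside the hunk, so it cannot be confirmed from here that it already matches `--dst-type MULTICAST`; if it does not, multicast packets would no longer be handled by this action on kernels with the capability and would fall through to later rules. A short comment above the moved lines, e.g. `# multicast is matched via addrtype in the ADDRTYPE branch; only the fallback needs an explicit 224.0.0.0/4 rule`, would record that dependency. The same move is made in Shorewall6/action.Broadcast (@@ -61,10 +60,10 @@), where the visible ADDRTYPE context shows only the MULTICAST log rule inside `if ( $level ne '' )`, so the matching jump should be checked there as well.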
@@ -61,10 +60,10 @@ if ( have_capability( 'ADDRTYPE' ) ) {
 add_jump $chainref, $target, 0, "-d \$address ";
 decr_cmd_level $chainref;
 add_commands $chainref, 'done';
-}
-log_rule_limit( $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', join( ' ', '-d', IPv6_MULTICAST . ' ' ) ) if $level ne '';
-add_jump $chainref, $target, 0, join( ' ', '-d', IPv6_MULTICAST . ' ' );
+ log_rule_limit( $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', join( ' ', '-d', IPv6_MULTICAST . ' ' ) ) if $level ne '';
+ add_jump $chainref, $target, 0, join( ' ', '-d', IPv6_MULTICAST . ' ' );
+}
 1;
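Review bot: The fallback log rule re-indented here passes 'Broadcast' as the third argument of log_rule_limit, while the ADDRTYPE branch shown in the @@ -46,7 +46,6 @@ hunk passes 'dropBcast'. log_rule_limit is defined outside this patch, but if that argument is the name written into the log prefix, the same class of dropped packet is logged under two different names depending on kernel capability, which makes log-based alerting on this action harder to write. Using one name in both branches would avoid that, e.g. changing the ADDRTYPE lines to `log_rule_limit $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', ' -m addrtype --dst-type MULTICAST ';`. The enclosing if/else begins outside this hunk.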