Fix another instance of 'match_source_interface()'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6487 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-12-16 03:10:39 +01:00 · 2007-06-08 14:55:49 +00:00 · 2007-06-08 14:55:49 +00:00 · ea3d6e08d0
commit ea3d6e08d0
parent da820d1415
2 changed files with 7 additions and 7 deletions
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@ -235,12 +235,12 @@ our %targets = ('ACCEPT'       => STANDARD,
 #
 # expand_rule() restrictions
 #
-use constant { NO_RESTRICT        => 0,
-	       PREROUTE_RESTRICT  => 1,
-	       INPUT_RESTRICT     => 4,
-	       OUTPUT_RESTRICT    => 8,
-	       POSTROUTE_RESTRICT => 16,
-	       ALL_RESTRICT       => 12
+use constant { NO_RESTRICT        => 0,   # Both -i and -o may be used in the rule
+	       PREROUTE_RESTRICT  => 1,   # PREROUTING chain rule - -o converted to -d <address list> using main routing table
+	       INPUT_RESTRICT     => 4,   # INPUT chain rule  - -o not allowed
+	       OUTPUT_RESTRICT    => 8,   # OUTPUT chain rule - -i not allowed
+	       POSTROUTE_RESTRICT => 16,  # POSTROUTING chain rule - -i converted to -s <address list> using main routing table
+	       ALL_RESTRICT       => 12   # INPUT_RESTRICT + OUTPUT_RESTRICT (fw->fw rule - neither -i nor -o allowed)
 	       };
 #
 # Used to sequence 'exclusion' chains with names 'excl0', 'excl1', ...
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@ -1428,7 +1428,7 @@ sub generate_matrix() {

 	    for my $host ( @$exclusions ) {
 		my ( $interface, $net ) = split /:/, $host;
-		my $rule = match_source_interface( $interface ) . "-s $net -j RETURN";
+		my $rule = match_source_dev( $interface ) . "-s $net -j RETURN";
 		add_rule $frwd_ref , $rule;
 		add_rule $in_ref   , $rule;
 		add_rule $out_ref  , $rule;