From f9ee8c494d9c302a2989f6b54ea9951de9b4b0a9 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 14 Jun 2011 06:45:22 -0700
Subject: [PATCH] Exempt wildcard interfaces from sfilter
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Misc.pm | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 5d8feb6af..17cd6efe1 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -548,7 +548,8 @@ sub add_common_rules() {
 if ( @filters ) {
 add_jump( $chainref , $target1, ! $ipsec, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters;
 } elsif ( $interfaceref->{bridge} eq $interface ) {
- add_jump( $chainref , $target1, ! $ipsec, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter};
+ add_jump( $chainref , $target1, ! $ipsec, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++
+ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+';
 }
 add_rule( $chainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" ), $chainref->{filtered}++ if $config{FASTACCEPT};
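Review bot: The new exemption `$interfaceref->{physical} eq '+'` is an exact string match, so only the bare `+` interface skips the sfilter jump; a physical name such as `eth+` would still get the `match_dest_dev( $interface )` jump, although the subject line speaks of wildcard interfaces in general. If the narrower scope is intended, a comment above the `unless` should say so, for example `# bare '+' matches every outgoing device, so an sfilter jump on it would catch all forwarded traffic; prefixed wildcards are deliberately still filtered`. The comment should also record that when no `filter` list is configured this interface now gets no sfilter jump at all, so a reader auditing anti-spoofing coverage knows the gap is deliberate. The same condition is added in the second hunk (the `$target` variant), and add_common_rules continues outside both hunks.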
@@ -559,7 +560,8 @@ sub add_common_rules() {
 if ( @filters ) {
 add_jump( $chainref , $target, 1, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters;
 } elsif ( $interfaceref->{bridge} eq $interface ) {
- add_jump( $chainref , $target, 1, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter};
+ add_jump( $chainref , $target, 1, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++
+ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+';
 }
 add_rule( $chainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" ), $chainref->{filtered}++ if $config{FASTACCEPT};
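Review bot: The three-term `unless` condition now appears verbatim in both hunks, and here the postfix modifier governs a comma expression split over two lines, which is easy to misread as guarding only `$chainref->{filtered}++`. Evaluating it once, `my $sfilter_exempt = $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+';`, and writing `unless $sfilter_exempt` in both places would keep the two rule sets from drifting apart the next time an exemption is added. Whether both blocks share a scope where `$interfaceref` is already set cannot be seen from the hunks, so the placement of that declaration needs checking against the surrounding code.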