extern/sshuttle
1
1
Fork 0
mirror of https://github.com/sshuttle/sshuttle.git synced 2025-03-10 04:59:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix the excludes rule for OS X Yosemite and OS X El Captain

Browse Source 
Without this fix, the rdr rule is executed sending the packages that
should be excluded to the ssh tunnel.

What I did was make sure that the packages that are going to the
excluded subnets are processed first and only after that, the remaining
packages will be sent to the ssh tunnel.

Thanks Warr1024 on #openssh channel in freenode for telling me about
the quick keyword and the rest of guys in the channel who tried to help.
This commit is contained in:
Douglas Soares de Andrade 2015-06-18 18:09:18 -03:00
parent a38963301e
commit f870ceba00
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/firewall.py
View File

@ -499,7 +499,7 @@ def do_pf(port, dnsport, family, subnets, udp):
exclude_subnets = filter(lambda s:s[2], sorted(subnets, reverse=True))
if exclude_subnets:
tables.append('table <exclude_subnets> {%s}' % ','.join(["%s/%s" % (n[3], n[1]) for n in exclude_subnets]))
filtering_rules.append('pass out route-to lo0 inet proto tcp to <exclude_subnets> keep state')
filtering_rules.append('pass out quick proto tcp from any to <exclude_subnets> keep state')
if dnsport:
nslist = resolvconf_nameservers()