mirror of
https://github.com/sshuttle/sshuttle.git
synced 2024-11-29 03:14:20 +01:00
ca41026c89
Before this change, in pf, exclusions used a pass out quick which gave them higher precedence than any other rule independent of subnet width. As reported in #265 this causes exclusion from one instance of sshuttle to also take effect on other instances because quick aborts the evaluation of rules across all anchors. This commit changes the precedence of rules so quick can now be dropped. The new order is defined by the following rule, from subnet_weight: "We need to go from smaller, more specific, port ranges, to larger, less-specific, port ranges. At each level, we order by subnet width, from most-specific subnets (largest swidth) to least-specific. On ties, excludes come first." |
||
|---|---|---|
| .. | ||
| client | ||
| server | ||
| conftest.py | ||