Fix another iprange bug in generate_matrix()

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6121 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-04-26 16:56:04 +00:00
parent e3f35a632a
commit 01af0eb020

View File

@ -1629,7 +1629,6 @@ sub generate_matrix() {
my $chain3ref = $filter_table->{forward_chain $interface}; my $chain3ref = $filter_table->{forward_chain $interface};
for my $hostref ( @$arrayref ) { for my $hostref ( @$arrayref ) {
for my $net ( @{$hostref->{hosts}} ) { for my $net ( @{$hostref->{hosts}} ) {
my $source_match = match_source_net $net;
for my $type1ref ( values %$dest_hosts_ref ) { for my $type1ref ( values %$dest_hosts_ref ) {
for my $interface1 ( keys %$type1ref ) { for my $interface1 ( keys %$type1ref ) {
my $array1ref = $type1ref->{$interface1}; my $array1ref = $type1ref->{$interface1};
@ -1637,9 +1636,12 @@ sub generate_matrix() {
my $ipsec_out_match = match_ipsec_out $zone1 , $host1ref; my $ipsec_out_match = match_ipsec_out $zone1 , $host1ref;
for my $net1 ( @{$host1ref->{hosts}} ) { for my $net1 ( @{$host1ref->{hosts}} ) {
unless ( $interface eq $interface1 && $net eq $net1 && ! $host1ref->{options}{routeback} ) { unless ( $interface eq $interface1 && $net eq $net1 && ! $host1ref->{options}{routeback} ) {
#
# We have to defer evaluation of the source net match to accomodate systems without $capabilities{KLUDEFREE};
#
add_rule add_rule
$chain3ref , $chain3ref ,
join( '', "-o $interface1 ", $source_match, match_dest_net($net1), $ipsec_out_match, "-j $chain" ); join( '', "-o $interface1 ", match_source_net($net), match_dest_net($net1), $ipsec_out_match, "-j $chain" );
} }
} }
} }