Fix another iprange bug in generate_matrix()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6121 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
e3f35a632a
commit
01af0eb020
@ -1629,7 +1629,6 @@ sub generate_matrix() {
|
|||||||
my $chain3ref = $filter_table->{forward_chain $interface};
|
my $chain3ref = $filter_table->{forward_chain $interface};
|
||||||
for my $hostref ( @$arrayref ) {
|
for my $hostref ( @$arrayref ) {
|
||||||
for my $net ( @{$hostref->{hosts}} ) {
|
for my $net ( @{$hostref->{hosts}} ) {
|
||||||
my $source_match = match_source_net $net;
|
|
||||||
for my $type1ref ( values %$dest_hosts_ref ) {
|
for my $type1ref ( values %$dest_hosts_ref ) {
|
||||||
for my $interface1 ( keys %$type1ref ) {
|
for my $interface1 ( keys %$type1ref ) {
|
||||||
my $array1ref = $type1ref->{$interface1};
|
my $array1ref = $type1ref->{$interface1};
|
||||||
@ -1637,9 +1636,12 @@ sub generate_matrix() {
|
|||||||
my $ipsec_out_match = match_ipsec_out $zone1 , $host1ref;
|
my $ipsec_out_match = match_ipsec_out $zone1 , $host1ref;
|
||||||
for my $net1 ( @{$host1ref->{hosts}} ) {
|
for my $net1 ( @{$host1ref->{hosts}} ) {
|
||||||
unless ( $interface eq $interface1 && $net eq $net1 && ! $host1ref->{options}{routeback} ) {
|
unless ( $interface eq $interface1 && $net eq $net1 && ! $host1ref->{options}{routeback} ) {
|
||||||
|
#
|
||||||
|
# We have to defer evaluation of the source net match to accomodate systems without $capabilities{KLUDEFREE};
|
||||||
|
#
|
||||||
add_rule
|
add_rule
|
||||||
$chain3ref ,
|
$chain3ref ,
|
||||||
join( '', "-o $interface1 ", $source_match, match_dest_net($net1), $ipsec_out_match, "-j $chain" );
|
join( '', "-o $interface1 ", match_source_net($net), match_dest_net($net1), $ipsec_out_match, "-j $chain" );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
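Review bot: The comment added above the `add_rule` call misspells "accommodate" and names the capability as `$capabilities{KLUDEFREE}`; if the key is `KLUDGEFREE`, as it appears to be elsewhere in Shorewall, a grep for the capability will miss this comment. The comment also does not say why the call must stay inside the innermost loop, so a later cleanup could hoist `match_source_net($net)` back out and reintroduce the bug in the generated filter rules. I would write `# Evaluate match_source_net() once per rule; hoisting it out of the loop breaks iprange matches without $capabilities{KLUDGEFREE}.` The reason is inferred from the commit title and the existing comment, since the helper is not visible here, and generate_matrix() starts and ends outside these hunks.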