From 148b251766ade9eaa2123f78e27b5ca513bd182c Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 3 Jul 2010 10:53:25 -0700
Subject: [PATCH] Only send loopback traffic to the 'loopback' chain
---
 Shorewall/Perl/Shorewall/Rules.pm | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index a35c6ab8c..f5e8353ee 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -1740,7 +1740,7 @@ sub handle_loopback_traffic() {
 if ( @zones > 1 ) {
 $outchainref = new_standard_chain 'loopback';
- add_jump $filter_table->{OUTPUT}, $outchainref, 0;
+ add_jump $filter_table->{OUTPUT}, $outchainref, 0, '-o lo ';
 } else {
 $outchainref = $filter_table->{OUTPUT};
 $rule = '-o lo ';
@@ -1768,7 +1768,6 @@ sub handle_loopback_traffic() {
 for my $typeref ( values %{$source_hosts_ref} ) {
 for my $hostref ( @{$typeref->{'%vserver%'}} ) {
- my $ipsec_match = match_ipsec_in $z1 , $hostref;
 my $exclusion = source_exclusion( $hostref->{exclusions}, $natref);
 for my $net ( @{$hostref->{hosts}} ) {
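Review bot: In the first hunk, the `-o lo ` match that keeps non-loopback OUTPUT packets out of the 'loopback' chain is now written as a bare literal in two places, the new `add_jump` predicate and the existing `$rule = '-o lo ';` in the `else` branch, with no comment tying them together. Rules added to the chain presumably carry no interface match of their own when `@zones > 1` (the initial value of `$rule` is outside the hunk), so the jump predicate is the only thing scoping them to loopback traffic. I would put a comment above the `add_jump` such as `# Restrict the jump to -o lo: rules in 'loopback' have no interface match and must never see non-loopback OUTPUT traffic`, and consider one shared constant for the match string so the two branches cannot drift apart. The body of handle_loopback_traffic starts and ends outside the hunk, so how `$rule` is used further down should be confirmed against the full function.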