diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 819280277..29ab2d198 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -2520,15 +2520,15 @@ sub ensure_audit_blacklog_chain( $$$ ) { # Create and populate the passed AUDIT chain if it doesn't exist. Return chain name # -sub ensure_audit_chain( $;$$ ) { - my ( $target, $action, $tgt ) = @_; +sub ensure_audit_chain( $;$$$ ) { + my ( $target, $action, $tgt, $table ) = @_; my $save_comment = push_comment; my $ref = $filter_table->{$target}; unless ( $ref ) { - $ref = new_chain 'filter', $target; + $ref = new_chain( $table || 'filter', $target ); unless ( $action ) { $action = $target; diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index 9f0f5de61..9db89cd20 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm @@ -1165,7 +1165,7 @@ sub setup_mac_lists( $ ) { my $target = $globals{MACLIST_TARGET}; my $level = $config{MACLIST_LOG_LEVEL}; my $disposition = $config{MACLIST_DISPOSITION}; - my $audit = $disposition =~ /^A_/; + my $audit = $disposition =~ s/^A_//; my $ttl = $config{MACLIST_TTL}; progress_message2 "$doing MAC Filtration -- Phase $phase..."; @@ -1281,6 +1281,8 @@ sub setup_mac_lists( $ ) { # # Phase II # + ensure_audit_chain( $target, $disposition, undef, $table ) if $audit; + for my $interface ( @maclist_interfaces ) { my $chainref = $chain_table{$table}{( $ttl ? macrecent_target $interface : mac_chain $interface )}; my $chain = $chainref->{name};