From 328e1b7f6a3dfdb7f1f4f23403822e5f61ec5d1e Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 12 Jul 2010 12:39:51 -0700
Subject: [PATCH] Don't generate rules to link local net from vserver zones

---
 Shorewall/Perl/Shorewall/Rules.pm | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 49e9d34f6..78ae52389 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -1983,9 +1983,11 @@ sub generate_matrix() {
 				add_jump $filter_table->{OUTPUT}, $outputref, 0, match_dest_dev( $interface ) unless $output_jump_added{$interface}++;
 				$use_output = 1;
 
-				for my $vzone ( vserver_zones ) {
-				    generate_source_rules ( $outputref, $vzone, $zone, $dest );
-				}    
+				unless ( uc $net eq IPv6_LINKLOCAL ) {
+				    for my $vzone ( vserver_zones ) {
+					generate_source_rules ( $outputref, $vzone, $zone, $dest );
+				    }
+				}
 			    } else {
 				$outputref = $filter_table->{OUTPUT};
 				$interfacematch = match_dest_dev $interface;