Fix policy and maclist

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1547 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-08-16 18:00:53 +00:00 · 2004-08-16 18:00:53 +00:00 · 4292ef2e98
commit 4292ef2e98
parent af8baff5cb
2 changed files with 4 additions and 2 deletions
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@ -44,3 +44,5 @@ Changes since 2.0.3
 20) No longer enforce source port 500 for ISAKMP.

 21) Apply policy to interface/host options.
+
+22) Fix policy and maclist.
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -1828,14 +1828,14 @@ setup_mac_lists() {
    # Generate jumps from the input and forward chains
    #
    for hosts in $maclist_hosts; do
-	ipsec=${hosst%^*}
+	ipsec=${hosts%^*}
 	hosts=${hosts#*^}
 	[ -n $POLICY_MATCH ] && policy="-m policy --pol $ipsec --dir in" || policy=
 	interface=${hosts%%:*}
 	hosts=${hosts#*:}
 	for chain in $(first_chains $interface) ; do
 	    run_iptables -A $chain $(match_source_hosts $hosts) -m state --state NEW \
-		-j $(mac_chain $interface)
+		$policy -j $(mac_chain $interface)
 	done
    done
 }