forked from extern/shorewall_code
Fix SCTP source port filtering
This commit is contained in:
parent
94a7df0cd5
commit
5758ba3f69
@ -836,7 +836,7 @@ sub process_tc_filter( ) {
|
|||||||
} elsif ( $protonumber == UDP ) {
|
} elsif ( $protonumber == UDP ) {
|
||||||
$rule1 = join( ' ', 'match udp src', hex_value( $sport ), "0x$smask" );
|
$rule1 = join( ' ', 'match udp src', hex_value( $sport ), "0x$smask" );
|
||||||
} else {
|
} else {
|
||||||
$rule1 = "match u32 0x${sport}0000 0x${smask}0000 at nexthdr+0\\" ,
|
$rule1 = "match u32 0x${sport}0000 0x${smask}0000 at nexthdr+0" ,
|
||||||
}
|
}
|
||||||
|
|
||||||
emit( "\nrun_tc $rule\\" ,
|
emit( "\nrun_tc $rule\\" ,
|
||||||
@ -893,7 +893,7 @@ sub process_tc_filter( ) {
|
|||||||
} elsif ( $protonumber == UDP ) {
|
} elsif ( $protonumber == UDP ) {
|
||||||
$rule2 = join( ' ', 'match udp src', hex_value( $sport ), "0x$smask" );
|
$rule2 = join( ' ', 'match udp src', hex_value( $sport ), "0x$smask" );
|
||||||
} else {
|
} else {
|
||||||
$rule2 = "match u32 0x${sport}0000 0x${smask}0000 at nexthdr+0\\" ,
|
$rule2 = "match u32 0x${sport}0000 0x${smask}0000 at nexthdr+0" ,
|
||||||
}
|
}
|
||||||
|
|
||||||
emit( "\nrun_tc ${rule}\\",
|
emit( "\nrun_tc ${rule}\\",
|
||||||
|
@ -206,7 +206,7 @@ None.
|
|||||||
|
|
||||||
Local traffic (that coming from the firewall and from the DMZ
|
Local traffic (that coming from the firewall and from the DMZ
|
||||||
server) is placed in the effectively unrestricted class 1:10. The
|
server) is placed in the effectively unrestricted class 1:10. The
|
||||||
default class is guaranteed have of the download capacity and my
|
default class is guaranteed half of the download capacity and my
|
||||||
work system (172.20.1.107) is guarandeed the other half.
|
work system (172.20.1.107) is guarandeed the other half.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
Loading…
Reference in New Issue
Block a user