holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Don't generate rules from link local net to vserver zones

Browse Source
This commit is contained in:
Tom Eastep 2010-07-12 11:52:56 -07:00
parent eff84ae8a6
commit 59189d6324
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/IPAddrs.pm
View File

@ -91,9 +91,9 @@ our $validate_host;
use constant { ALLIPv4 => '0.0.0.0/0' ,
ALLIPv6 => '::/0' ,
IPv4_MULTICAST => '224.0.0.0/4' ,
IPv6_MULTICAST => 'FF00::/10' ,
IPv6_LINKLOCAL => 'FF80::/10' ,
IPv6_SITELOCAL => 'FFC0::/10' ,
IPv6_MULTICAST => 'FF00::/8' ,
IPv6_LINKLOCAL => 'FE80::/10' ,
IPv6_SITELOCAL => 'FEC0::/10' ,
IPv6_LOOPBACK => '::1' ,
IPv6_LINK_ALLNODES => 'FF01::1' ,
IPv6_LINK_ALLRTRS => 'FF01::2' ,

8
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -2042,9 +2042,11 @@ sub generate_matrix() {
add_jump $filter_table->{INPUT}, $inputchainref, 0, match_source_dev($interface) unless $input_jump_added{$interface}++;
$use_input = 1;
for my $vzone ( @vservers ) {
my $target = rules_target( $zone, $vzone );
generate_dest_rules( $inputchainref, $target, $vzone, $source . $ipsec_in_match ) if $target;
if ( uc $net ne IPv6_LINKLOCAL ) {
for my $vzone ( @vservers ) {
my $target = rules_target( $zone, $vzone );
generate_dest_rules( $inputchainref, $target, $vzone, $source . $ipsec_in_match ) if $target;
}
}
} else {
$inputchainref = $filter_table->{INPUT};