From 6c3163cc27e7dd83c3a97bd9c4d1216f39d13cf3 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Wed, 25 May 2011 10:45:57 -0700
Subject: [PATCH] Routeback corrections
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Rules.pm | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 7dc2e780d..cbc2789d8 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -636,8 +636,6 @@ sub apply_policy_rules() {
 sub complete_standard_chain ( $$$$ ) {
 my ( $stdchainref, $zone, $zone2, $default ) = @_;
- add_rule $stdchainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" unless $config{FASTACCEPT};
- run_user_exit $stdchainref;
 my $ruleschainref = $filter_table->{rules_chain( ${zone}, ${zone2} ) } || $filter_table->{rules_chain( 'all', 'all' ) };
@@ -1217,11 +1215,16 @@ sub prevent_hairpins() {
 for my $interface (all_interfaces) {
 my $interfaceref = find_interface( $interface );
- add_jump( $filter_table->{forward_chain $interface},
- $target,
- 1,
- match_dest_dev( $interface ) )
- unless $interfaceref->{routefilter} || $interfaceref->{options}{routeback} || $interfaceref->{options}{ignore};
+ if ( $interfaceref->{bridge} eq $interface ) {
+ #
+ # It is not possible to block these attempts on a bridge :-(
+ #
+ add_jump( $filter_table->{forward_chain $interface},
+ $target,
+ 1,
+ match_dest_dev( $interface ) )
+ unless $interfaceref->{optiones}{routefilter} || $interfaceref->{options}{routeback} || $interfaceref->{options}{ignore};
+ }
 }
 }
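Review bot: The rewritten `unless` guard in the second hunk tests `$interfaceref->{optiones}{routefilter}`, and `optiones` looks like a typo for `options`, the key the other two tests on the same line use. Nothing visible sets an `optiones` key, so that test is presumably always false: the `routefilter` exemption never applies, the hairpin jump is added to the forward chain even on interfaces that set routefilter, and each lookup autovivifies a stray `optiones` hash on the interface record. The line should read `unless $interfaceref->{options}{routefilter} || $interfaceref->{options}{routeback} || $interfaceref->{options}{ignore};`. The comment "It is not possible to block these attempts on a bridge" sits inside the branch that does add the jump, so it would be clearer above the `if`, reworded to say which case is skipped, for example `# Hairpins can only be blocked when the interface is not a bridge port` if that is what `bridge eq $interface` expresses. prevent_hairpins begins outside the hunk, where `$target` is set.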