From 7ec0961a6cf660cd2e7438867d385f916616e0db Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Fri, 16 Jul 2010 08:01:10 -0700
Subject: [PATCH] Eradicate incorrect multicast network address

---
 Shorewall/Perl/Shorewall/Actions.pm |  6 +++---
 Shorewall/Perl/Shorewall/Chains.pm  |  2 +-
 Shorewall/Perl/Shorewall/Rules.pm   | 10 +++++-----
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Actions.pm b/Shorewall/Perl/Shorewall/Actions.pm
index 4511696b2..770e9e435 100644
--- a/Shorewall/Perl/Shorewall/Actions.pm
+++ b/Shorewall/Perl/Shorewall/Actions.pm
@@ -801,7 +801,7 @@ sub dropBcast( $$$ ) {
     if ( $family == F_IPV4 ) {
 	add_rule $chainref, '-d 224.0.0.0/4 -j DROP';
     } else {
-	add_rule $chainref, '-d ff00::/10 -j DROP';
+	add_rule $chainref, '-d ff00::/8 -j DROP';
     }
 }
 
@@ -833,8 +833,8 @@ sub allowBcast( $$$ ) {
 	    log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
 	    add_rule $chainref, '-d 224.0.0.0/4 -j ACCEPT';
 	} else {
-	    log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d ff00::/10 ' if $level ne '';
-	    add_rule $chainref, '-d ff00::/10 -j ACCEPT';
+	    log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d ff00::/8 ' if $level ne '';
+	    add_rule $chainref, '-d ff00::/8 -j ACCEPT';
 	}
     }
 }
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 958cac759..b9c10e868 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -2877,7 +2877,7 @@ sub get_interface_acasts ( $ ) {
 
     my $variable = interface_acasts( $interface );
 
-    $interfaceacasts{$interface} = qq($variable="\$(get_interface_acasts $interface) ff00::/10");
+    $interfaceacasts{$interface} = qq($variable="\$(get_interface_acasts $interface) ff00::/8");
 
     "\$$variable";
 }
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index c0acc58ea..06314018b 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -509,7 +509,7 @@ sub add_common_rules() {
 	if ( $family == F_IPV4 ) {
 	    add_jump( $chainref, $smurfdest, 1, '-s 224.0.0.0/4 ' );
 	} else {
-	    add_jump( $chainref, $smurfdest, 1, '-s ff00::/10 ' );
+	    add_jump( $chainref, $smurfdest, 1, '-s ff00::/8 ' );
 	}
 
 	my $state = $globals{UNTRACKED} ? 'NEW,INVALID,UNTRACKED' : 'NEW,INVALID';
@@ -547,7 +547,7 @@ sub add_common_rules() {
     if ( $family == F_IPV4 ) {
 	add_rule $rejectref , '-s 224.0.0.0/4 -j DROP';
     } else {
-	add_rule $rejectref , '-s ff00::/10 -j DROP';
+	add_rule $rejectref , '-s ff00::/8 -j DROP';
     }
 
     add_rule $rejectref , '-p 2 -j DROP';
@@ -729,7 +729,7 @@ sub setup_mac_lists( $ ) {
 		#
 		# Accept Multicast
 		#
-		add_rule $chainref , '-d ff00::/10 -j RETURN';
+		add_rule $chainref , '-d ff00::/8 -j RETURN';
 	    }
 
 	    if ( $ttl ) {
@@ -2458,11 +2458,11 @@ EOF
     if ( $family == F_IPV6 ) {
 	add_rule $input, '-s ff80::/10 -j ACCEPT';
 	add_rule $input, '-d ff80::/10 -j ACCEPT';
-	add_rule $input, '-d ff00::/10 -j ACCEPT';
+	add_rule $input, '-d ff00::/8 -j ACCEPT';
 
 	unless ( $config{ADMINISABSENTMINDED} ) {
 	    add_rule $output, '-d ff80::/10 -j ACCEPT';
-	    add_rule $output, '-d ff00::/10 -j ACCEPT';
+	    add_rule $output, '-d ff00::/8 -j ACCEPT';
 	}
     }