From 88595aec4f18cf24213f507153ba60b53da3de34 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 18 Jun 2003 19:40:35 +0000
Subject: [PATCH] Refine 'newnotsyn' option handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@600 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/Shorewall/firewall b/Shorewall/firewall
index d12c20994..4a352ce04 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -3308,7 +3308,10 @@ initialize_netfilter () {
     createchain newnotsyn no
     for interface in `find_interfaces_by_option newnotsyn`; do
-        run_iptables -A newnotsyn -i $interface -j RETURN
+        #
+        # Packets arriving on this interface are submitted to the rules
+        #
+        run_iptables -A newnotsyn -i $interface -j RETURN
     done
     run_user_exit newnotsyn
@@ -3375,9 +3378,13 @@ build_common_chain() {
         run_iptables -A common -p tcp --tcp-flags ACK ACK -j ACCEPT
         run_iptables -A common -p tcp --tcp-flags RST RST -j ACCEPT
     else
-        for interface in `find_interfaces_by_option newnotsyn`; do
-            run_iptables -A common -i $interface -p tcp --tcp-flags ACK ACK -j ACCEPT
-            run_iptables -A common -i $interface -p tcp --tcp-flags RST RST -j ACCEPT
+        interfaces=`find_interfaces_by_option newnotsyn`
+        for interface in $interfaces; do
+            for interface1 in $interfaces; do
+                run_iptables -A common -i $interface -o $interface1 -p tcp --tcp-flags ACK ACK -j ACCEPT
+                run_iptables -A common -i $interface -o $interface1 -p tcp --tcp-flags RST RST -j ACCEPT
+            done
         done
     fi
     #
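Review bot: The comment added above the `run_iptables -A newnotsyn -i $interface -j RETURN` line says what happens to the packets but not why the rule is a RETURN, which is the part a reader of this chain needs: RETURN leaves the `newnotsyn` chain, so packets from interfaces carrying the 'newnotsyn' option skip the user exit and whatever disposition follows it. Suggest replacing the three comment lines with `# Interfaces with the 'newnotsyn' option: RETURN so that their packets skip the remaining newnotsyn rules and continue in the calling chain`. What the chain does after `run_user_exit newnotsyn`, and the rest of initialize_netfilter, lie outside the hunk.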
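Review bot: The new `common` rules add `-o $interface1` to the ACK/RST accepts, and an output-interface match cannot succeed for packets on the INPUT path, so the locally-delivered packets that the removed `-i $interface` rules accepted will now fall through to whatever follows in `common`; if `common` is reached from INPUT, this is a behaviour change beyond a refinement and is worth confirming against the intent of the 'newnotsyn' option. If only traffic between two 'newnotsyn' interfaces is meant to be exempted, a comment above the `interfaces=` line would stop the next reader from treating it as an oversight, e.g. `# Accept stray ACK/RST only for traffic between two interfaces that both have the 'newnotsyn' option`; otherwise keep the per-interface `-i` rules alongside the pair loop. The nested loop emits 2n² rules for n interfaces, which is fine for typical interface counts but worth a note in the same comment. build_common_chain's body starts and ends outside the hunk.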