Replace addrtype MULTICAST with address match

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6364 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-05-15 20:40:15 +00:00 · 2007-05-15 20:40:15 +00:00 · 8cbf608215
commit 8cbf608215
parent c05903e2e2
2 changed files with 8 additions and 8 deletions
--- a/Shorewall-perl/Shorewall/Actions.pm
+++ b/Shorewall-perl/Shorewall/Actions.pm
@ -548,11 +548,11 @@ sub process_actions3 () {

 	if ( $level ) {
 	    log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -m addrtype --dst-type BROADCAST';
-	    log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -m addrtype --dst-type MULTICAST';
+	    log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4';
 	}

 	add_rule $chainref, '-m addrtype --dst-type BROADCAST -j DROP';
-	add_rule $chainref, '-m addrtype --dst-type MULTICAST -j DROP';
+	add_rule $chainref, '-d 224.0.0.0/4 -j DROP';
    }

    sub allowBcast( $$$ ) {
@ -560,11 +560,11 @@ sub process_actions3 () {

 	if ( $level ) {
 	    log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -m addrtype --dst-type BROADCAST';
-	    log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -m addrtype --dst-type MULTICAST';
+	    log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4';
 	}

 	add_rule $chainref, '-m addrtype --dst-type BROADCAST -j ACCEPT';
-	add_rule $chainref, '-m addrtype --dst-type MULTICAST -j ACCEPT';
+	add_rule $chainref, '-d 224.0.0.0/4 -j ACCEPT';
    }

    sub dropNotSyn ( $$$ ) {
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@ -519,10 +519,10 @@ sub add_common_rules() {
    add_rule $chainref , '-s 0.0.0.0 -j RETURN';

    add_rule_pair $chainref, '-m addrtype --src-type BROADCAST ', 'DROP', $config{SMURF_LOG_LEVEL} ;
-    add_rule_pair $chainref, '-m addrtype --src-type MULTICAST ', 'DROP', $config{SMURF_LOG_LEVEL} ;
+    add_rule_pair $chainref, '-s 224.0.0.0/4 ', 'DROP', $config{SMURF_LOG_LEVEL} ;
    
    add_rule $rejectref , '-m addrtype --src-type BROADCAST -j DROP';
-    add_rule $rejectref , '-m addrtype --src-type MULTICAST -j DROP';
+    add_rule $rejectref , '-s 224.0.0.0/4 -j DROP';

    if ( @$list ) {
 	progress_message2 'Adding Anti-smurf Rules';
@ -766,7 +766,7 @@ sub setup_mac_lists( $ ) {
 		add_commands( $chainref, 
 			      "for address in $variable; do",
 			      "    echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type BROADCAST -j RETURN\" >&3",
-			      "    echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type MULTICAST -j RETURN\" >&3",
+			      "    echo \"-A $chainref->{name} -s \$address -d 224.0.0.0/4 -j RETURN\" >&3",
 			      'done' );
 	    }

@ -1520,7 +1520,7 @@ sub generate_matrix() {
 	if ( $chain1 ) {
 	    for my $interface ( keys %needbroadcast ) {
 		add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1";
-		add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type MULTICAST -j $chain1";
+		add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1";
 	    }
 	}