Fix multicast through routeback/detectnets/bridge interfaces

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6781 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-07-04 15:45:19 +00:00 · 2007-07-04 15:45:19 +00:00 · b4d6c86685
commit b4d6c86685
parent 0db5f3642f
4 changed files with 23 additions and 17 deletions
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -25,10 +25,10 @@ Shorewall 4.0.0 RC 1
 Problems corrected in 4.0.0 Beta 7.

 1)  If 'routeback' and 'detectnets' were specified on an interface,
-    limited broadcasts (to 255.255.255.255) were dropped when forwarded
-    through the interface. This could cause broadcast-based
-    applications to fail when running through a bridge with
-    'detectnets'.
+    limited broadcasts (to 255.255.255.255) and multicasts were dropped
+    when forwarded through the interface. This could cause broadcast
+    and multicast based applications to fail when running through a
+    bridge with 'detectnets'.

 2)  Entries in the hosts file are now more carefully
    validated. Previously, very obvious errors would result in run-time
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@ -1662,6 +1662,7 @@ sub generate_matrix() {
 			if ( get_interface_option( $interface, 'bridge' ) ) {
 			    for my $source ( keys %$sourceref ) {
 				add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-d 255.255.255.255 -j $chain3";
+				add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-d 224.0.0.0/4 -j $chain3";
 			    }
 			}
 		    }
--- a/Shorewall-shell/compiler
+++ b/Shorewall-shell/compiler
@ -4365,6 +4365,7 @@ activate_rules()
 			    iface=$(chain_base $interface)
 			    eval source=\"\$need_bcast_$iface\"
 			    run_iptables -A $(forward_chain $interface) $source $(match_dest_dev $interface) -d 255.255.255.255 -j $chain3;
+			    run_iptables -A $(forward_chain $interface) $source $(match_dest_dev $interface) -d 224.0.0.0/4 -j $chain3;
 			fi
 		    done
 		fi
--- a/Shorewall-shell/diff-3.4-compiler
+++ b/Shorewall-shell/diff-3.4-compiler
@ -1,16 +1,19 @@
--- /home/teastep/shorewall/branches/3.4/Shorewall/compiler	2007-06-30 08:39:22.000000000 -0700
-+++ compiler	2007-07-02 10:15:12.000000000 -0700
-@@ -35,6 +35,9 @@
+--- /home/teastep/shorewall/branches/3.4/Shorewall/compiler	2007-07-04 08:07:46.000000000 -0700
+++ compiler	2007-07-04 08:31:25.000000000 -0700
+@@ -35,6 +35,12 @@
 #	    SHOREWALL_DIR                       A directory name was passed to /sbin/shorewall
 #	    VERBOSE                             Standard Shorewall verbosity control.
 
-+MIN_COMMON_VERSION=40000
-+MIN_COMMON_VERSION_PRINTABLE=4.0.0
+BASE_VERSION=40000
+BASE_VERSION_PRINTABLE=4.0.0
+CONFIG_VERSION=40000
+CONFIG_VERSION_PRINTABLE=4.0.0
+
 +
 #
 # Fatal error -- stops the compiler after issuing the error message
 #
-@@ -673,11 +676,11 @@
+@@ -673,11 +679,11 @@
     progress_message2 "Compiling IP Forwarding..."
 
     case "$IP_FORWARDING" in
@ -24,7 +27,7 @@
 	    save_progress_message "IP Forwarding Disabled!"
 	    save_command "echo 0 > /proc/sys/net/ipv4/ip_forward"
 	    ;;
-@@ -3767,7 +3770,7 @@
+@@ -3767,7 +3773,7 @@
 
 	save_progress_message "Setting up Route Filtering..."
 
@ -33,7 +36,7 @@
 	    indent >&3 << __EOF__
 
 for f in /proc/sys/net/ipv4/conf/*; do
-@@ -3791,8 +3794,10 @@
+@@ -3791,8 +3797,10 @@
 
 	save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
 
@ -45,7 +48,7 @@
 	fi
 
 	save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache"
-@@ -3808,7 +3813,7 @@
+@@ -3808,7 +3816,7 @@
 
 	save_progress_message "Setting up Martian Logging..."
 
@ -54,7 +57,7 @@
 	    indent >&3 << __EOF__
 
 for f in /proc/sys/net/ipv4/conf/*; do
-@@ -3831,9 +3836,12 @@
+@@ -3831,9 +3839,12 @@
 __EOF__
 	    done
 	
@ -68,7 +71,7 @@
 	fi
 
     fi
-@@ -4889,7 +4897,7 @@
+@@ -4890,7 +4901,7 @@
 		;;
 	esac
 
@ -77,13 +80,14 @@
     }
 
     progress_message2 "Initializing..."
-@@ -5731,6 +5739,10 @@
+@@ -5732,6 +5743,11 @@
     fi
 done
 
 +VERSION=$(cat $SHELLSHAREDIR/version)
 +
-+[ $SHOREWALL_LIBVERSION -ge $MIN_COMMON_VERSION ] || fatal_error "Shorewall-shell $VERSION requires Shorewall-common >= $MIN_COMMON_VERSION_PRINTABLE" 
+[ "$SHOREWALL_LIBVERSION"    -eq $BASE_VERSION ]   || fatal_error "Shorewall-shell $VERSION requires Shorewall-common lib.base version $BASE_VERSION_PRINTABLE"
+[ "$SHOREWALL_CONFIGVERSION" -eq $CONFIG_VERSION ] || fatal_error "Shorewall-shell $VERSION requires Shorewall-common lib.config version $CONFIG_VERSION_PRINTABLE"
 +
 PROGRAM=compiler