From d85f6970e3a76b6774242a053dc25832bcd55337 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Thu, 10 Nov 2011 06:53:48 -0800
Subject: [PATCH] Fix wildcard interfaces

- Suppress extra jumps to interface chains.
- Insure that the 'lo' ACCEPT rule doesn't get masked by a wildcard interface

Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Misc.pm | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 77b35e4c3..280d3fa85 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -1399,8 +1399,6 @@ sub handle_loopback_traffic() {
 }
 }
 }
-
- add_ijump $filter_table->{INPUT} , j => 'ACCEPT', i => 'lo';
 }
 #
@@ -1435,6 +1433,8 @@ sub add_interface_jumps {
 #
 # Add the jumps to the interface chains from filter FORWARD, INPUT, OUTPUT
 #
+ add_ijump $filter_table->{INPUT} , j => 'ACCEPT', i => 'lo';
+
 for my $interface ( grep $_ ne '%vserver%', @_ ) {
 my $forwardref = $filter_table->{forward_chain $interface};
 my $inputref = $filter_table->{input_chain $interface};
@@ -1475,6 +1475,8 @@ sub add_interface_jumps {
 add_ijump $filter_table->{OUTPUT} , j => $outputref , imatch_dest_dev( $interface ) unless get_interface_option( $interface, 'port' );
 }
 }
+
+ $input_jump_added{$interface} = $output_jump_added{$interface} = $forward_jump_added{$interface} = 1;
 }
 handle_loopback_traffic;
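Review bot: The 'lo' ACCEPT rule added at the top of add_interface_jumps (hunk `@@ -1435,6 +1433,8 @@`) works only because of where it sits, and nothing in the code says so. It has to be appended to INPUT before the loop emits any per-interface jump, or a wildcard interface match can take loopback packets first. I would put a comment directly above it, e.g. `# Keep first in INPUT: a wildcard interface jump added by the loop below would otherwise match 'lo' before this rule`. The move also places the unconditional ACCEPT ahead of anything handle_loopback_traffic appends to INPUT. That function's body is outside the hunks, so it should be confirmed that no 'lo'-matching INPUT rule it adds is now shadowed.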
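Review bot: In hunk `@@ -1475,6 +1475,8 @@` all three `*_jump_added` flags are set to 1 at the end of every loop iteration, whether or not the matching jump was actually emitted. The context line just above shows the OUTPUT jump being skipped under `unless get_interface_option( $interface, 'port' )`. The readers of these hashes are not visible here, but if they use the flags to decide whether an interface still needs a jump, an interface could end up with no jump to its chain and its packets would be handled by whatever rule follows in the built-in chain. Either set each flag next to the add_ijump it records, or state the intent in a comment such as `# Mark the interface as processed so later passes do not add a second set of jumps`. The loop body begins outside the hunk.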