holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix wildcard interfaces

Browse Source 
- Suppress extra jumps to interface chains.
- Insure that the 'lo' ACCEPT rule doesn't get masked by a wildcard interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-11-10 06:53:48 -08:00
parent 83d373c0aa
commit d85f6970e3
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -1399,8 +1399,6 @@ sub handle_loopback_traffic() {
} }
} }
} }
add_ijump $filter_table->{INPUT} , j => 'ACCEPT', i => 'lo';
} }
# #
@ -1435,6 +1433,8 @@ sub add_interface_jumps {
# #
# Add the jumps to the interface chains from filter FORWARD, INPUT, OUTPUT # Add the jumps to the interface chains from filter FORWARD, INPUT, OUTPUT
# #
add_ijump $filter_table->{INPUT} , j => 'ACCEPT', i => 'lo';
for my $interface ( grep $_ ne '%vserver%', @_ ) { for my $interface ( grep $_ ne '%vserver%', @_ ) {
my $forwardref = $filter_table->{forward_chain $interface}; my $forwardref = $filter_table->{forward_chain $interface};
my $inputref = $filter_table->{input_chain $interface}; my $inputref = $filter_table->{input_chain $interface};
@ -1475,6 +1475,8 @@ sub add_interface_jumps {
add_ijump $filter_table->{OUTPUT} , j => $outputref , imatch_dest_dev( $interface ) unless get_interface_option( $interface, 'port' ); add_ijump $filter_table->{OUTPUT} , j => $outputref , imatch_dest_dev( $interface ) unless get_interface_option( $interface, 'port' );
} }
} }
$input_jump_added{$interface} = $output_jump_added{$interface} = $forward_jump_added{$interface} = 1;
} }
handle_loopback_traffic; handle_loopback_traffic;