diff --git a/Shorewall/compiler b/Shorewall/compiler index f02014436..e656ffd58 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -2369,6 +2369,7 @@ setup_mac_lists() { addresses="$mac" mac="$interface" interface="$disposition" + disposition=ACCEPT target=RETURN ;; esac diff --git a/Shorewall/firewall b/Shorewall/firewall index 9d60e943c..0b38b7003 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -2590,6 +2590,8 @@ setup_mac_lists() { while read disposition interface mac addresses; do expandv disposition interface mac addresses + level= + case $disposition in ACCEPT:*) level=${disposition#*:} @@ -2597,7 +2599,7 @@ setup_mac_lists() { target=RETURN ;; ACCEPT) - disposition=RETURN + target=RETURN ;; REJECT:*) [ $MACLIST_TABLE = mangle ] && fatal_error "DISPOSITION = REJECT is incompatible with MACLIST_TABLE=mangle" @@ -2606,6 +2608,7 @@ setup_mac_lists() { ;; REJECT) [ $MACLIST_TABLE = mangle ] && fatal_error "DISPOSITION = REJECT is incompatible with MACLIST_TABLE=mangle" + target=reject ;; DROP:*) level=${disposition#*:} @@ -2613,12 +2616,14 @@ setup_mac_lists() { target=DROP ;; DROP) + target=DROP ;; *) addresses="$mac" mac="$interface" interface="$disposition" - disposition=RETURN + disposition=ACCEPT + target=RETURN ;; esac @@ -2643,7 +2648,7 @@ setup_mac_lists() { if [ -z "$addresses" ]; then fatal_error "You must specify a MAC address or an IP address" else - mac= + maclist= fi else macpart=$(mac_match $mac) diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 26eb87ea3..398f951f1 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -874,13 +874,12 @@ reload_command() { esac export NOROUTES + export PROGRAM=Yes [ -n "$nolock" ] || mutex_on progress_message3 "Compiling..." - export PROGRAM=Yes - if $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.reload; then progress_message3 "Installing..." /var/lib/shorewall/.reload reload