From e3f35a632a9ad178a5a4b4228f3e859bea46c2f3 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 25 Apr 2007 21:03:40 +0000 Subject: [PATCH] Fix an iprange problem with the hosts file git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6120 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/Chains.pm | 2 +- Shorewall-perl/Shorewall/Rules.pm | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index f18158774..3789096b6 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -932,7 +932,7 @@ sub iprange_match() { require_capability( 'IPRANGE_MATCH' , 'Address Ranges' ); unless ( $iprangematch ) { $match = '-m iprange '; - $iprangematch = 1; + $iprangematch = 1 unless $capabilities{KLUDGEFREE}; } $match; diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index 9d01ee72f..ddfc8e153 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm @@ -414,6 +414,7 @@ sub process_routestopped() { my $dest = match_dest_net $host; emit "run_iptables -A FORWARD -i $interface -o $interface $source $dest -j ACCEPT"; + clearrule; } } } elsif ( $option eq 'source' ) { @@ -459,6 +460,7 @@ sub process_routestopped() { my ( $interface1, $h1 ) = split /:/, $host1; my $dest1 = match_dest_net $h1; emit "\$IPTABLES -A FORWARD -i $interface -o $interface1 $source $dest1 -j ACCEPT"; + clearrule; } } } @@ -1456,7 +1458,6 @@ sub generate_matrix() { my $ipsec_in_match = match_ipsec_in $zone , $hostref; my $ipsec_out_match = match_ipsec_out $zone , $hostref; for my $net ( @{$hostref->{hosts}} ) { - my $source = match_source_net $net; my $dest = match_dest_net $net; if ( $chain1 ) { 
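Review bot: The new `unless $capabilities{KLUDGEFREE}` modifier in iprange_match() has no comment saying why the flag is left unset, although every generated address-range rule now depends on it. As far as the hunk shows, `$iprangematch` is state kept outside the function that suppresses `-m iprange` on later calls until something else resets it. I would add a comment above the assignment such as `# Without KLUDGEFREE iptables takes '-m iprange' only once per rule, so remember it was emitted; the flag must be reset before the next rule is built`. The key is also read straight from `%capabilities` while IPRANGE_MATCH goes through require_capability(), so a missing or misspelled key silently selects the once-per-rule path; that is the conservative default, but worth stating. The function starts and ends outside the hunk.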
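Review bot: The `clearrule;` added after `emit` in the routeback loop resets the match state after each rule, but `$source` for that rule is built outside the lines shown. If it is computed once outside the loop that computes `$dest`, the second iteration pairs a `$dest` that again carries `-m iprange` with a `$source` that already carries it, which is the duplicate the non-KLUDGEFREE path in iprange_match() appears meant to avoid. The same applies to the `$dest1` loop in the hunk at -459. Building both strings inside the loop body, source first, so that each rule's matches are produced after the previous `clearrule;`, removes the dependency on call order. These ACCEPT rules decide what is reachable while the firewall is stopped, and the -459 hunk writes its rule with a bare `\$IPTABLES` rather than `run_iptables`, so confirm that a rule iptables rejects there is reported; process_routestopped() starts and ends outside both hunks.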
@@ -1468,6 +1469,8 @@ sub generate_matrix() { } } + my $source = match_source_net $net; + insertnatjump 'PREROUTING' , dnat_chain $zone, \$prerouting_rule, join( '', "-i $interface ", $source, $ipsec_in_match ); if ( $chain2 ) {
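Review bot: `my $source = match_source_net $net;` now runs after `my $dest = match_dest_net $net;` and the `$chain1` block, so when `$chain1` is false and `$net` is an address range, `$dest` may already have consumed the single `-m iprange` on the non-KLUDGEFREE path and `$source` would come back without it. Whether the `$chain1` block resets that state cannot be seen, because the lines between the two hunks are not shown. If it does not, a `clearrule;` immediately before `my $source = match_source_net $net;` would make the PREROUTING jump independent of which branch ran; moving the `$dest` computation inside `if ( $chain1 ) {` would do the same if `$dest` is used only there. A comment on the moved line, for example `# must follow the $chain1 rules: match_source_net records per-rule iprange state`, would keep the ordering from being undone later. generate_matrix() starts and ends outside the hunk.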