holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Avoid blocking DHCP broadcasts during MAC verification

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2327 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-07-13 14:29:52 +00:00
parent d050552a36
commit ef9d22b647
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Shorewall/firewall
View File

@ -2302,6 +2302,7 @@ setup_mac_lists() {
local hosts local hosts
local ipsec local ipsec
local policy= local policy=
local options
# #
# Generate the list of interfaces having MAC verification # Generate the list of interfaces having MAC verification
# #
@ -2391,6 +2392,10 @@ setup_mac_lists() {
run_iptables -A $chain -s $address -d 224.0.0.0/4 -j $chain1 run_iptables -A $chain -s $address -d 224.0.0.0/4 -j $chain1
done done
if $(interface_has_option $interface dhcp); then
run_iptables -A $chain -p udp --sport 68 --dport 67 -s 0.0.0.0 -d 255.255.255.255 -j ACCEPT
fi
if [ -n "$MACLIST_LOG_LEVEL" ]; then if [ -n "$MACLIST_LOG_LEVEL" ]; then
log_rule $MACLIST_LOG_LEVEL $chain $MACLIST_DISPOSITION log_rule $MACLIST_LOG_LEVEL $chain $MACLIST_DISPOSITION
fi fi