forked from extern/shorewall_code
Corrections to dropBcast/allowBcast
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
5c716827d6
commit
f05b72327e
@ -1168,7 +1168,6 @@ sub dropBcast( $$$$ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
add_jump $chainref, $target, 0, "-m addrtype --dst-type BROADCAST ";
|
add_jump $chainref, $target, 0, "-m addrtype --dst-type BROADCAST ";
|
||||||
add_jump $chainref, $target, 0, "-d 224.0.0.0/4 ";
|
|
||||||
} else {
|
} else {
|
||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
add_commands $chainref, 'for address in $ALL_BCASTS; do';
|
add_commands $chainref, 'for address in $ALL_BCASTS; do';
|
||||||
@ -1181,17 +1180,13 @@ sub dropBcast( $$$$ ) {
|
|||||||
add_jump $chainref, $target, 0, "-d \$address ";
|
add_jump $chainref, $target, 0, "-d \$address ";
|
||||||
decr_cmd_level $chainref;
|
decr_cmd_level $chainref;
|
||||||
add_commands $chainref, 'done';
|
add_commands $chainref, 'done';
|
||||||
|
|
||||||
if ( $family == F_IPV4 ) {
|
|
||||||
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
|
|
||||||
} else {
|
|
||||||
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', join( ' ', ' -d' , IPv6_MULTICAST . ' ' ) if $level ne '';
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
|
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
|
||||||
add_jump $chainref, $target, 0, "-d 224.0.0.0/4 ";
|
add_jump $chainref, $target, 0, "-d 224.0.0.0/4 ";
|
||||||
} else {
|
} else {
|
||||||
|
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', join( ' ', ' -d' , IPv6_MULTICAST . ' ' ) if $level ne '';
|
||||||
add_jump $chainref, $target, 0, join( ' ', '-d', IPv6_MULTICAST . ' ' );
|
add_jump $chainref, $target, 0, join( ' ', '-d', IPv6_MULTICAST . ' ' );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1212,7 +1207,6 @@ sub allowBcast( $$$$ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
add_jump $chainref, $target, 0, "-m addrtype --dst-type BROADCAST ";
|
add_jump $chainref, $target, 0, "-m addrtype --dst-type BROADCAST ";
|
||||||
add_jump $chainref, $target, 0, join( ' ' , ' -d', IPv6_MULTICAST , '' );
|
|
||||||
} else {
|
} else {
|
||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
add_commands $chainref, 'for address in $ALL_BCASTS; do';
|
add_commands $chainref, 'for address in $ALL_BCASTS; do';
|
||||||
@ -1225,14 +1219,14 @@ sub allowBcast( $$$$ ) {
|
|||||||
add_rule $chainref, "-d \$address -j $target";
|
add_rule $chainref, "-d \$address -j $target";
|
||||||
decr_cmd_level $chainref;
|
decr_cmd_level $chainref;
|
||||||
add_commands $chainref, 'done';
|
add_commands $chainref, 'done';
|
||||||
|
}
|
||||||
|
|
||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
|
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
|
||||||
add_jump $chainref, $target, 0, "-d 224.0.0.0/4 ";
|
add_jump $chainref, $target, 0, "-d 224.0.0.0/4 ";
|
||||||
} else {
|
} else {
|
||||||
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d ' . IPv6_MULTICAST . ' ' if $level ne '';
|
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d ' . IPv6_MULTICAST . ' ' if $level ne '';
|
||||||
add_jump $chainref, $target, 0, join ( ' ', '-d', IPv6_MULTICAST . ' ' );
|
add_jump $chainref, $target, 0, join ( ' ', '-d', IPv6_MULTICAST . ' ' );
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user