forked from extern/shorewall_code
More corrections to wildcard interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
04dfe26549
commit
ffec7a4d95
@ -1406,6 +1406,7 @@ sub add_interface_jumps {
|
|||||||
our %input_jump_added;
|
our %input_jump_added;
|
||||||
our %output_jump_added;
|
our %output_jump_added;
|
||||||
our %forward_jump_added;
|
our %forward_jump_added;
|
||||||
|
my $lo_jump_added = 0;
|
||||||
#
|
#
|
||||||
# Add Nat jumps
|
# Add Nat jumps
|
||||||
#
|
#
|
||||||
@ -1431,14 +1432,14 @@ sub add_interface_jumps {
|
|||||||
#
|
#
|
||||||
# Add the jumps to the interface chains from filter FORWARD, INPUT, OUTPUT
|
# Add the jumps to the interface chains from filter FORWARD, INPUT, OUTPUT
|
||||||
#
|
#
|
||||||
add_ijump $filter_table->{INPUT} , j => 'ACCEPT', i => 'lo';
|
|
||||||
|
|
||||||
for my $interface ( grep $_ ne '%vserver%', @_ ) {
|
for my $interface ( grep $_ ne '%vserver%', @_ ) {
|
||||||
my $forwardref = $filter_table->{forward_chain $interface};
|
my $forwardref = $filter_table->{forward_chain $interface};
|
||||||
my $inputref = $filter_table->{input_chain $interface};
|
my $inputref = $filter_table->{input_chain $interface};
|
||||||
my $outputref = $filter_table->{output_chain $interface};
|
my $outputref = $filter_table->{output_chain $interface};
|
||||||
my $interfaceref = find_interface($interface);
|
my $interfaceref = find_interface($interface);
|
||||||
|
|
||||||
|
add_ijump $filter_table->{INPUT} , j => 'ACCEPT', i => 'lo' if $interfaceref->{physical} eq '+' && ! $lo_jump_added++;
|
||||||
|
|
||||||
if ( $interfaceref->{options}{port} ) {
|
if ( $interfaceref->{options}{port} ) {
|
||||||
my $bridge = $interfaceref->{bridge};
|
my $bridge = $interfaceref->{bridge};
|
||||||
add_ijump ( $filter_table->{forward_chain $bridge},
|
add_ijump ( $filter_table->{forward_chain $bridge},
|
||||||
@ -1466,15 +1467,17 @@ sub add_interface_jumps {
|
|||||||
} else {
|
} else {
|
||||||
add_ijump ( $filter_table->{FORWARD}, j => 'ACCEPT', imatch_source_dev( $interface) , imatch_dest_dev( $interface) ) unless $interfaceref->{nets} || ! $interfaceref->{options}{bridge};
|
add_ijump ( $filter_table->{FORWARD}, j => 'ACCEPT', imatch_source_dev( $interface) , imatch_dest_dev( $interface) ) unless $interfaceref->{nets} || ! $interfaceref->{options}{bridge};
|
||||||
|
|
||||||
add_ijump( $filter_table->{FORWARD} , j => $forwardref , imatch_source_dev( $interface ) ) unless $forward_jump_added{$interface}++ || ! use_forward_chain $interface, $forwardref;
|
add_ijump( $filter_table->{FORWARD} , j => $forwardref , imatch_source_dev( $interface ) ) if use_forward_chain( $interface, $forwardref ) && ! $forward_jump_added{$interface}++;
|
||||||
add_ijump( $filter_table->{INPUT} , j => $inputref , imatch_source_dev( $interface ) ) unless $input_jump_added{$interface}++ || ! use_input_chain $interface, $inputref;
|
add_ijump( $filter_table->{INPUT} , j => $inputref , imatch_source_dev( $interface ) ) if use_input_chain( $interface, $inputref ) && ! $input_jump_added{$interface}++;
|
||||||
|
|
||||||
unless ( $output_jump_added{$interface}++ || ! use_output_chain $interface, $outputref ) {
|
if ( use_output_chain $interface, $outputref ) {
|
||||||
add_ijump $filter_table->{OUTPUT} , j => $outputref , imatch_dest_dev( $interface ) unless get_interface_option( $interface, 'port' );
|
add_ijump $filter_table->{OUTPUT} , j => $outputref , imatch_dest_dev( $interface ) unless get_interface_option( $interface, 'port' ) || $output_jump_added{$interface}++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
add_ijump $filter_table->{INPUT} , j => 'ACCEPT', i => 'lo' unless $lo_jump_added++;
|
||||||
|
|
||||||
handle_loopback_traffic;
|
handle_loopback_traffic;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user