On Tue, 2011-06-14 at 07:12 -0700, Tom Eastep wrote: > On Tue, 2011-06-14 at 15:52 +0200, Simon Matter wrote: > > I understand that the wildcard "+" is catched here but how would a > > wildcard like "eth+" work in this case? > > It works okay, although it generates a rule in the INPUT chain that I'm > surprised is accepted by iptables/Netfilter. A second patch is > forthcoming that eliminates that rules.
Here is the second patch -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index b3d96f8..a1ee795 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -559,9 +559,6 @@ sub add_common_rules() {
if ( @filters ) {
add_jump( $chainref , $target, 1, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters;
- } elsif ( $interfaceref->{bridge} eq $interface ) {
- add_jump( $chainref , $target, 1, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++
- unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+';
}
add_rule( $chainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" ), $chainref->{filtered}++ if $config{FASTACCEPT};
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
