On 05/20/2013 07:44 AM, Tom Eastep wrote:
> The more I have thought about it, the less that I like 'local' being an
> interface option. In this Beta, 'local' changes to being a zone type.
>
> 1) A new interface option has been added.
>
>    destonly
>
>    Causes the compiler to omit rules to handle traffic arriving on
>    the interface.
>
The attached patch allows 'destonly' on the loopback interface to work
correctly with a 'local' zone.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index aa405ed..fdd2b79 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -1520,7 +1520,7 @@ sub add_interface_jumps {
my @interfaces = grep $_ ne '%vserver%', @_;
my $dummy;
my $loref = known_interface('lo');
- my $lo_jump_added = local_zone;
+ my $lo_jump_added = local_zone && ! get_interface_option( 'lo', 'destonly' );
#
# Add Nat jumps
#
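
Review bot: On the changed `$lo_jump_added` line, `get_interface_option( 'lo', 'destonly' )` is called unconditionally, even though the line just above stores `known_interface('lo')` in `$loref`, which implies 'lo' may not be a known interface. Nothing in this hunk shows how `get_interface_option` behaves for an interface that is not defined, so consider reusing the lookup: `local_zone && ! ( $loref && get_interface_option( 'lo', 'destonly' ) )`, which keeps the previous behaviour when 'lo' is absent. A one-line comment would also help here: the flag is named `$lo_jump_added`, and 'destonly' is described as omitting rules for traffic arriving on the interface, so it is not obvious to a reader why setting 'destonly' makes the flag start out false.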
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
