From: mkasper Date: Sat, 27 May 2006 16:15:14 +0000 (+0000) Subject: Do not generate anti-spoof rules for optional interfaces that have other interfaces... X-Git-Url: https://git.gsnw.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc0e26b568955e83425e7b2ce376978f7bc0125d;p=m0n0chwall.git Do not generate anti-spoof rules for optional interfaces that have other interfaces bridged to them (as opposed to being bridged to another interface, which was already handled properly) when the filtering bridge is on git-svn-id: https://svn.m0n0.ch/wall/trunk@140 e36fee2c-cc09-0410-a7cc-ebac5c6737de --- diff --git a/CHANGELOG b/CHANGELOG index b0b6888..3955b80 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -3,6 +3,10 @@ $Id$ *** Note: Please add new entries to the top of this file. *** ------------------------------------------------------------------------------- +- do not generate anti-spoof rules for optional interfaces that have other interfaces + bridged to them (as opposed to being bridged to another interface, which was already + handled properly) when the filtering bridge is on (mkasper) + - added support for 3rd party extensions in the group management and dynamic menu system. (ptaylor) - Thanks to Leo Fante for code modifications diff --git a/phpconf/inc/filter.inc b/phpconf/inc/filter.inc index 8587748..52e210b 100644 --- a/phpconf/inc/filter.inc +++ b/phpconf/inc/filter.inc @@ -457,7 +457,15 @@ EOD; /* OPT spoof check */ foreach ($optcfg as $on => $oc) { /* omit for bridged interfaces when the filtering bridge is on */ - if ($oc['ip'] && (!$oc['bridge'] || !isset($config['bridge']['filteringbridge']))) + $isbridged = false; + foreach ($optcfg as $on2 => $oc2) { + if ($oc2['bridge'] && $oc2['bridge_if'] == $on) { + $isbridged = true; + break; + } + } + + if ($oc['ip'] && !(($oc['bridge'] || $isbridged) && isset($config['bridge']['filteringbridge']))) $ipfrules .= filter_rules_spoofcheck_generate($on, $oc['if'], $oc['sa'], $oc['sn'], $log); }