diff options
| author | Bob Gilligan <gilligan@vyatta.com> | 2009-04-24 14:30:40 -0700 |
|---|---|---|
| committer | Bob Gilligan <gilligan@vyatta.com> | 2009-04-24 14:30:40 -0700 |
| commit | 7b24a1d602390d12befb29f84b1c3de18fc9e363 (patch) | |
| tree | ed219a1a041af7d4493a957f12e34e51313b0ef8 | |
| parent | 773c2a20182c559b72a2e87b4c2bcc5de1309936 (diff) | |
| download | vyatta-cfg-firewall-7b24a1d602390d12befb29f84b1c3de18fc9e363.tar.gz vyatta-cfg-firewall-7b24a1d602390d12befb29f84b1c3de18fc9e363.zip | |
bugfix 4297: Don't allow modify rulesets on local traffic.
| -rwxr-xr-x | gen-interface-templates.pl | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/gen-interface-templates.pl b/gen-interface-templates.pl index ddbb07a..a00b706 100755 --- a/gen-interface-templates.pl +++ b/gen-interface-templates.pl @@ -224,6 +224,11 @@ foreach my $if_tree ( keys %interface_hash ) { for my $direction (@ruleset_directions) { gen_direction_template( $if_tree, $direction ); foreach my $table (@ruleset_tables) { + if (($direction eq "local") && + (($table eq "modify") || ($table eq "ipv6-modify"))) { + # modify type rules are not used for local traffic + next; + } gen_template( $if_tree, $direction, $table, $if_name ); } } |