From 7b24a1d602390d12befb29f84b1c3de18fc9e363 Mon Sep 17 00:00:00 2001
From: Bob Gilligan
Date: Fri, 24 Apr 2009 14:30:40 -0700
Subject: bugfix 4297: Don't allow modify rulesets on local traffic.
---
 gen-interface-templates.pl | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'gen-interface-templates.pl')
diff --git a/gen-interface-templates.pl b/gen-interface-templates.pl
index ddbb07a..a00b706 100755
--- a/gen-interface-templates.pl
+++ b/gen-interface-templates.pl
@@ -224,6 +224,11 @@ foreach my $if_tree ( keys %interface_hash ) {
 for my $direction (@ruleset_directions) {
 gen_direction_template( $if_tree, $direction );
 foreach my $table (@ruleset_tables) {
+ if (($direction eq "local") &&
+ (($table eq "modify") || ($table eq "ipv6-modify"))) {
+ # modify type rules are not used for local traffic
+ next;
+ }
 gen_template( $if_tree, $direction, $table, $if_name );
 }
 }
-- 
cgit v1.2.3
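Review bot: The exclusion inside the `foreach my $table` loop is written as two inline string comparisons, so a modify-type table added to `@ruleset_tables` later would get a `local` template again unless someone remembers to extend this condition. Keeping the excluded names in a lookup defined where `@ruleset_tables` is defined (outside this hunk), e.g. `my %no_local_table = map { $_ => 1 } qw(modify ipv6-modify);`, and testing `next if $direction eq 'local' && $no_local_table{$table};` keeps the list in one place. The comment could also say why modify rules do not apply to local traffic, not only that they are unused. Skipping `gen_template` only removes the CLI node; whether the code that applies rulesets also rejects a local modify binding (for example one carried in a configuration saved before this change) is not visible here, and the enclosing `foreach my $if_tree` loop starts and ends outside the hunk.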