projects
/
project
/
firewall3.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
utils: define _GNU_SOURCE to get clearenv()
[project/firewall3.git]
/
iptables.c
diff --git
a/iptables.c
b/iptables.c
index
df0d704
..
694dd4f
100644
(file)
--- a/
iptables.c
+++ b/
iptables.c
@@
-609,7
+609,10
@@
fw3_ipt_rule_in_out(struct fw3_ipt_rule *r,
static void
ip4prefix2mask(int prefix, struct in_addr *mask)
{
static void
ip4prefix2mask(int prefix, struct in_addr *mask)
{
- mask->s_addr = htonl(~((1 << (32 - prefix)) - 1));
+ if (prefix > 0)
+ mask->s_addr = htonl(~((1 << (32 - prefix)) - 1));
+ else
+ mask->s_addr = 0;
}
#ifndef DISABLE_IPV6
}
#ifndef DISABLE_IPV6
@@
-743,11
+746,17
@@
fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
void
fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
{
void
fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
{
+ char buf[sizeof("ff:ff:ff:ff:ff:ff\0")];
+ uint8_t *addr = mac->mac.ether_addr_octet;
+
if (!mac)
return;
if (!mac)
return;
+ sprintf(buf, "%02x:%02x:%02x:%02x:%02x:%02x",
+ addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
+
fw3_ipt_rule_addarg(r, false, "-m", "mac");
fw3_ipt_rule_addarg(r, false, "-m", "mac");
- fw3_ipt_rule_addarg(r, mac->invert, "--mac-source",
ether_ntoa(&mac->mac)
);
+ fw3_ipt_rule_addarg(r, mac->invert, "--mac-source",
buf
);
}
void
}
void