for entry in $ifmap; do
iface=${entry%=*} q=${entry##*=}
eval nets=\$ifnets_$q
- trace "iface $iface [$q] = $nets"
aa=!
for n in $nets; do
eval "addrs=\"\$net_inet_$n \$net_inet6_$n\""
done
eval ifaddrs_$q=\$aa
trace "iface $q = $iface; nets = $nets; addrs = $aa"
-trace "alladdrs = $alladdrs"
done
+trace "alladdrs = $alladdrs"
## Populate the `out-classify' chain, matching networks.
prepare_to () { mode=goto fail=mark-to-$net_class_default; }
-matchnets -d mark-from : prepare_to out-classify "" 0 $allnets
+matchnets -d mark-to : prepare_to out-classify "" 0 $allnets
## A `finish' hook for rejecting known address ranges arriving on a
## default-reachable interface.
## interfaces. We should match an address to a particular interface.
chains=""
for net in $nets; do
- eval hosts=\$net_hosts_$net
+ eval hosts=\$net_hosts_$net class=\$net_class_$net
for host in $hosts; do
eval ha=\$host_inet_$host ha6=\$host_inet6_$host
trace "$host : $class -> $iface"
~mdw / firewall / blobdiff