~mdw / firewall / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
classify.m4, functions.m4: Multiple interfaces can have default nets.
[firewall] / functions.m4
diff --git a/functions.m4 b/functions.m4
index 484c30d..ca4519e 100644 (file)
--- a/functions.m4
+++ b/functions.m4
@@ -344,7 +344,7 @@ defnetclass () {
 ## As a special case, the NETWORK/MASK can be the string `default', which
 ## indicates that all addresses not matched elsewhere should be considered.
 ifaces=:
-defaultiface=none
+defaultifaces=""
 allnets= allnets6=
 defiface () {
   set -e
@@ -365,9 +365,16 @@ defiface () {
       netclass=${item%:*} addr=${item#*:}
       case $addr in
        default)
-         defaultiface=$name
-         defaultclass=$netclass
-         run ip46tables -t mangle -A out-classify -g mark-to-$netclass
+         case "$defaultifaces,$defaultclass" in
+           ,* | *,$netclass)
+             defaultifaces="$defaultifaces $name"
+             defaultclass=$netclass
+             ;;
+           *)
+             echo >&2 "$0: inconsistent default netclasses"
+             exit 1
+             ;;
+         esac
          ;;
        *:*)
          run ip6tables -t mangle -A in-$name -g mark-from-$netclass \
Firewall scripts for distorted.org.uk.