X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/78aaac07301dc78e7676a18be5f23f44f6a4ffe7..6fd217ae2465d315d507e1a58a53d4afa53bde25:/classify.m4

diff --git a/classify.m4 b/classify.m4
index f15c601..5b6f209 100644
--- a/classify.m4
+++ b/classify.m4
@@ -250,7 +250,7 @@ trace "alladdrs = $alladdrs"
 
 ## Populate the `out-classify' chain, matching networks.
 prepare_to () { mode=goto fail=mark-to-$net_class_default; }
-matchnets -d mark-from : prepare_to out-classify "" 0 $allnets
+matchnets -d mark-to : prepare_to out-classify "" 0 $allnets
 
 ## A `finish' hook for rejecting known address ranges arriving on a
 ## default-reachable interface.
@@ -296,7 +296,7 @@ for entry in $ifmap; do
       ## interfaces.  We should match an address to a particular interface.
       chains=""
       for net in $nets; do
-	eval hosts=\$net_hosts_$net
+	eval hosts=\$net_hosts_$net class=\$net_class_$net
 	for host in $hosts; do
 	  eval ha=\$host_inet_$host ha6=\$host_inet6_$host
 	  trace "$host : $class -> $iface"