X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/f513127acd3ccf2f6ec695ba5d9396739bd21aba..cd97af80b48a2a208609a5f8e221cd4d8c6a5d04:/bookends.m4
diff --git a/bookends.m4 b/bookends.m4
index 69a721e..a0731d2 100644
--- a/bookends.m4
+++ b/bookends.m4
@@ -111,6 +111,10 @@ case $host_type_<::>FWHOST in
 esac
 setopt ip_forward $forward
 setdevopt forwarding $forward
+case $forward in
+ 0) inchains="INPUT" ;;
+ 1) inchains="INPUT FORWARD" ;;
+esac

 ## Set dynamic port allocation.
 setopt ip_local_port_range $open_port_min $open_port_max
@@ -207,10 +211,12 @@ case $forward in
 -m addrtype --dst-type BROADCAST
 run iptables -A FORWARD -g bad-destination-address \
 -d 224.0.0.0/24
+ clearchain check-fwd-multi
 for x in 0 1 2 3 4 5 6 7 8 9 a b c d e f; do
- run ip6tables -A FORWARD -g bad-destination-address \
- -d fe${x}2::/16
+ run ip6tables -A check-fwd-multi -g bad-destination-address \
+ -d ff${x}2::/16
 done
+ ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8
 ;;
 esac
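Review bot: The added `case $forward in` has no `*)` arm, so any value of `forward` other than 0 or 1 leaves `inchains` unset, and whatever later iterates over it would presumably add no rules without reporting anything. `forward` is assigned in the `case $host_type_<::>FWHOST` block that starts above the hunk, so this may be unreachable today; a fail-closed arm such as `*) echo >&2 "unexpected forward=$forward"; exit 1 ;;` would keep it that way. A comment like `## inchains: chain names selected by $forward; FORWARD is included only when forwarding is on.` would also help readers of the later uses.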
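Review bot: The new jump rule `ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8` is invoked directly, while every other rule in this hunk goes through the `run` wrapper. If `run` is what provides error checking or tracing (its definition is outside the hunk), a failure to install this jump would pass unnoticed and the link-local multicast rejects in `check-fwd-multi` would never be reached; it should read `run ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8`. It is also worth confirming that `clearchain` creates the chain for ip6tables, since only the IPv6 rules use it. A short comment above the loop saying that `ff${x}2::/16` enumerates the link-local-scope multicast prefix for every flags nibble would explain why sixteen rules are needed. The enclosing `case $forward in` arm starts before the hunk.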