From: Mark Wooding <mdw@distorted.org.uk>
Date: Sun, 11 Mar 2012 23:58:09 +0000 (+0000)
Subject: Overhaul address classification for link-local and non-unicast addresses.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/44f9582788168b13a9163138f5e55bba889712e7?hp=44f9582788168b13a9163138f5e55bba889712e7

Overhaul address classification for link-local and non-unicast addresses.

The previous attempts just weren't working.  Intead, assign them their
own classes, and work things using the forwarding masks.  There's a
minor wrinkle, that we must handle forwarded packets differently from
inbound ones if they involve link-local addresses, but this is handled
with a fixup in the mangle INPUT chain.

The other significant change here is that the mangle table is now
responsible for selecting packets with bogus destination addresses for
rejection -- though it can't do the rejection itself because of a
kernel restriction.
---