-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fw4 assumes ether_addr sets are ipv4 only #16
Comments
To emit expected rule - change: first line of /usr/share/firewall4/templates/rule.uc
-{%+ if (rule.family && !rule.has_addrs): -%}
+{%+ if (rule.family && !rule.has_addrs && length(rule.smacs_pos)!=null ): -%} @jow- may explain why plain |
@f00b4r0 any success editing file? |
@brada4 afaict the change does work, the rule is changed to:
However I can't say for sure whether or not this breaks anything else. |
It does not break anything else, just removes proto specifier in exact reported case. |
When filtering by MAC address, it is usually necessary to filter both IPv4 and IPv6. If it is not allowed to set the family of ipset to any, it will be necessary to create a separate, identical ipset for both IPv4 and IPv6. Fixes: openwrt#16
Given the following uci configuration:
firewall4 produces the following rules:
[...]
The
meta nfproto ipv4
match is unwarranted as the relative set is address agnostic.The text was updated successfully, but these errors were encountered: