 From:  Kolia <nika at hotmail dot ge>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Transparent bridge
 Date:  Thu, 15 Jul 2004 17:00:53 +0400
Hi guys,

Finally I found the bug in '/etc/inc/filter.inc' that was causing 
m0n0wall to lock up when putting the OPT1 interface in bridge mode. 
Look at this code in the 'filter_rules_generate()' function:
......
       /* OPT spoof check */
       foreach ($optcfg as $on => $oc) {
               $ipfrules .= filter_rules_spoofcheck_generate($on, $oc['if'],
                       $oc['sa'], $oc['sn'], $log);
       }
......

If an OPTn interface is put in bridging mode, no IP address/mask is 
associated with it, so $oc['sa'] and $oc['sn'] are blank and the call to 
'filter_rules_spoofcheck_generate' returns the following ipf rule:

block in log quick on xl2 ! / to any
			   ^^^

ipf stops processing rules after this one, so the m0n0 box gets locked. To 
avoid this, I modified the above code like this:
......
       /* OPT spoof check */
       foreach ($optcfg as $on => $oc) {
               /* No spoof check is necessary for bridged interfaces */
               if (!$oc['bridge']) {
                       $ipfrules .= filter_rules_spoofcheck_generate($on, $oc['if'],
                               $oc['sa'], $oc['sn'], $log);
               }
       }
......

Hope this will be fixed in the next releases.

Cheers,
Kolia
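
Added example, not part of the original message and not m0n0wall code: a guard that checks the address and mask themselves before a spoof-check rule is generated, plus a lint that flags generated rule text with an empty address or mask such as the `! /` quoted above. The function names and the sample `$optcfg` (including `xl3` and the `opt2` values) are assumptions; it needs PHP 7 or later.

```php
<?php
/* Hypothetical helpers for illustration; none of these exist in m0n0wall. */

/* True only for a complete dotted-quad IPv4 address. */
function is_ipv4_addr($s) {
    return is_string($s)
        && filter_var($s, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
}

/* True only for a prefix length 0..32 written as decimal digits. */
function is_prefix_len($s) {
    return (is_string($s) || is_int($s))
        && preg_match('/^\d{1,2}\z/', (string)$s) === 1
        && (int)$s <= 32;
}

/* Can a spoof-check rule be generated for this OPT interface? */
function spoofcheck_applicable($oc) {
    if (!empty($oc['bridge'])) {
        return false;               // bridged: no address of its own
    }
    // Also covers any other interface whose address or mask is blank.
    return is_ipv4_addr($oc['sa'] ?? '') && is_prefix_len($oc['sn'] ?? '');
}

/* Return [line number => text] for rules with nothing before or after '/'. */
function find_malformed_rules($ipfrules) {
    $bad = array();
    foreach (explode("\n", $ipfrules) as $n => $line) {
        // '/' at the start of a token, or '/' at the end of a token
        if (preg_match('#(?:^|\s)/|/(?:\s|$)#', $line) === 1) {
            $bad[$n + 1] = $line;
        }
    }
    return $bad;
}

// Constructed sample config: opt1 is bridged (blank sa/sn), opt2 is routed.
$optcfg = array(
    'opt1' => array('if' => 'xl2', 'sa' => '', 'sn' => '', 'bridge' => 'lan'),
    'opt2' => array('if' => 'xl3', 'sa' => '192.168.2.0', 'sn' => '24'),
);
foreach ($optcfg as $on => $oc) {
    echo $on, ': ', spoofcheck_applicable($oc) ? 'generate' : 'skip', " spoof check\n";
}

// The rule quoted in the message is reported by the lint.
print_r(find_malformed_rules("block in log quick on xl2 ! / to any\n"));
```

Running the lint over the full generated ruleset before it is handed to ipf lets a malformed line be reported instead of loaded.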