X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/firewall/blobdiff_plain/46be9bde8faee6672d63d4b56458488c4c46c265..3a68f6887e27cd5e9369a9c421e417e59acef08b:/functions.m4?ds=inline

diff --git a/functions.m4 b/functions.m4
index 484c30d..ca4519e 100644
--- a/functions.m4
+++ b/functions.m4
@@ -344,7 +344,7 @@ defnetclass () {
 ## As a special case, the NETWORK/MASK can be the string `default', which
 ## indicates that all addresses not matched elsewhere should be considered.
 ifaces=:
-defaultiface=none
+defaultifaces=""
 allnets= allnets6=
 defiface () {
   set -e
@@ -365,9 +365,16 @@ defiface () {
       netclass=${item%:*} addr=${item#*:}
       case $addr in
 	default)
-	  defaultiface=$name
-	  defaultclass=$netclass
-	  run ip46tables -t mangle -A out-classify -g mark-to-$netclass
+	  case "$defaultifaces,$defaultclass" in
+	    ,* | *,$netclass)
+	      defaultifaces="$defaultifaces $name"
+	      defaultclass=$netclass
+	      ;;
+	    *)
+	      echo >&2 "$0: inconsistent default netclasses"
+	      exit 1
+	      ;;
+	  esac
 	  ;;
 	*:*)
 	  run ip6tables -t mangle -A in-$name -g mark-from-$netclass \