Correct classic blacklisting

- No filtering in the OUTPUT chain
- Correct ipsec filtering

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2024-03-07 12:26:59 -08:00
parent f1317f919f
commit 0ecf0703dc


@ -1106,12 +1106,11 @@ sub add_common_rules ( $ ) {
}
if ( $setting & DBL_CLASSIC ) {
add_ijump_extended( $input_option_chainref, j => $classic_target_chain, $origin{DYNAMIC_BLACKLIST}, @state );
add_ijump_extended( $forward_option_chainref, j => $classic_target_chain, $origin{DYNAMIC_BLACKLIST}, @state );
add_ijump_extended( $output_option_chainref, j => $classic_target_chain, $origin{DYNAMIC_BLACKLIST}, @state ) if $setting & DBL_DST;
add_ijump_extended( $input_option_chainref, j => $classic_target_chain, $origin{DYNAMIC_BLACKLIST}, @state, @in_policy );
add_ijump_extended( $forward_option_chainref, j => $classic_target_chain, $origin{DYNAMIC_BLACKLIST}, @state, @in_policy );
}
} # Exclusion
} # Dynamic Blacklisting
#
# Finish FASTACCEPT
#
@ -1120,8 +1119,9 @@ sub add_common_rules ( $ ) {
add_ijump_extended( $filter_table->{$_}, j => 'ACCEPT', $origin{FASTACCEPT}, state_imatch $faststate )->{comment} = '';
}
}
} #Not loopback interface
}
} # Interface Loop
#
# Delete 'sfilter' chains unless there are referenced to them
#
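Review bot: In the first hunk's `DBL_CLASSIC` branch, the two jumps that append `@in_policy` appear to be the new side (the page has lost its +/- markers), and with the `$output_option_chainref` jump gone nothing in this branch consults `DBL_DST` any more, so traffic generated on the firewall itself is no longer checked against the classic dynamic blacklist. If that is the intent, as the commit message suggests, a comment above the two jumps would stop a later reader from re-adding the rule, e.g. `# Classic blacklisting filters INPUT and FORWARD only; locally generated (OUTPUT) traffic is deliberately not checked`. `@in_policy` is defined outside the visible lines, so it is worth confirming that packets which do not match it are meant to skip the blacklist jump rather than being caught by another rule. `add_common_rules` starts and ends outside the hunk.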