Correct classic blacklisting

- No filtering in the OUTPUT chain
- Correct ipsec filtering

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2024-03-07 12:26:59 -08:00
parent f1317f919f
commit 0ecf0703dc


@ -1106,12 +1106,11 @@ sub add_common_rules ( $ ) {
} }
if ( $setting & DBL_CLASSIC ) { if ( $setting & DBL_CLASSIC ) {
add_ijump_extended( $input_option_chainref, j => $classic_target_chain, $origin{DYNAMIC_BLACKLIST}, @state ); add_ijump_extended( $input_option_chainref, j => $classic_target_chain, $origin{DYNAMIC_BLACKLIST}, @state, @in_policy );
add_ijump_extended( $forward_option_chainref, j => $classic_target_chain, $origin{DYNAMIC_BLACKLIST}, @state ); add_ijump_extended( $forward_option_chainref, j => $classic_target_chain, $origin{DYNAMIC_BLACKLIST}, @state, @in_policy );
add_ijump_extended( $output_option_chainref, j => $classic_target_chain, $origin{DYNAMIC_BLACKLIST}, @state ) if $setting & DBL_DST;
} }
} # Exclusion } # Dynamic Blacklisting
# #
# Finish FASTACCEPT # Finish FASTACCEPT
# #
@ -1120,8 +1119,9 @@ sub add_common_rules ( $ ) {
add_ijump_extended( $filter_table->{$_}, j => 'ACCEPT', $origin{FASTACCEPT}, state_imatch $faststate )->{comment} = ''; add_ijump_extended( $filter_table->{$_}, j => 'ACCEPT', $origin{FASTACCEPT}, state_imatch $faststate )->{comment} = '';
} }
} }
} #Not loopback interface } #Not loopback interface
} } # Interface Loop
# #
# Delete 'sfilter' chains unless there are referenced to them # Delete 'sfilter' chains unless there are referenced to them
# #
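Review bot: In the first hunk, the `DBL_CLASSIC` branch no longer tests `DBL_DST`, so a classic blacklist configured with the dst option gets no jump from the OUTPUT option chain, and nothing in the new code says this is deliberate. Whether that combination is rejected or warned about elsewhere is not visible here; if it is not, firewall-originated traffic to a blacklisted address passes unchecked without the operator being told. I would add a comment above the two remaining jumps, for example `# Classic blacklisting covers INPUT and FORWARD only; DBL_DST has no effect on locally generated traffic here`, and mention the same limit in the user documentation for the setting. `@in_policy` is defined outside the hunk, so a short comment on what match it contributes and why the ipsec case needs it would help the next reader. The body of `add_common_rules` starts and ends outside both hunks.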