extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-02 10:59:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

A couple of tweaks to the LOAD_HELPERS_ONLY optimization change.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-01-25 15:59:31 -08:00
parent fb007bc1c7
commit 1556002b54
2 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Shorewall/Perl/Shorewall/Config.pm
View File

@ -737,15 +737,19 @@ sub cleanup() {
unlink ( $perlscriptname ), $perlscriptname = undef if $perlscriptname;
unlink ( @tempfiles ), @tempfiles = () if @tempfiles;
#
# Delete termprary chains
# Delete temporary chains
#
if ( $sillyname ) {
#
# We went through determine_capabilities()
#
qt1( "$iptables -F $sillyname" );
qt1( "$iptables -X $sillyname" );
qt1( "$iptables -F $sillyname1" );
qt1( "$iptables -X $sillyname1" );
qt1( "$iptables -t mangle -F $sillyname" );
qt1( "$iptables -t mangle -X $sillyname" );
$sillyname = '';
}
}
@ -2072,11 +2076,16 @@ sub Nat_Enabled() {
sub Persistent_Snat() {
have_capability 'NAT_ENABLED' || return '';
my $result = '';
if ( qt1( "$iptables -t nat -N $sillyname" ) ) {
$capabilities{PERSISTENT_SNAT} = qt1( "$iptables -t nat -A $sillyname -j SNAT --to-source 1.2.3.4 --persistent" );
$result = qt1( "$iptables -t nat -A $sillyname -j SNAT --to-source 1.2.3.4 --persistent" );
qt1( "$iptables -t nat -F $sillyname" );
qt1( "$iptables -t nat -X $sillyname" );
}
$result;
}
sub Mangle_Enabled() {

4
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -402,6 +402,7 @@ sub process_zone( \$ ) {
}
if ( $type eq IPSEC ) {
require_capability 'POLICY_MATCH' , 'IPSEC zones', '';
for ( @parents ) {
unless ( $zones{$_}{type} == IPSEC ) {
set_super( $zones{$_} );
@ -1215,6 +1216,7 @@ sub process_host( ) {
for my $option ( @options ) {
if ( $option eq 'ipsec' ) {
require_capability 'POLICY_MATCH' , q(The 'ipsec' option), 's';
$type = IPSEC;
$zoneref->{options}{complex} = 1;
$ipsec = 1;
@ -1274,8 +1276,6 @@ sub validate_hosts_file()
$ipsec |= process_host while read_a_line;
require_capability( 'POLICY_MATCH', 'ipsec zones or hosts', '' ) if $have_ipsec = $ipsec || haveipseczones;
}
#