extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-14 11:44:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Match section rules to the number of mark rules

Browse Source
This commit is contained in:
Tom Eastep 2009-11-26 17:12:11 -08:00
parent 251d7116c8
commit 1699d8e941
2 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1148,7 +1148,17 @@ sub finish_chain_section ($$) {
$comment = ''; $comment = '';
add_rule $chainref, "-m state --state $state -j ACCEPT" unless $config{FASTACCEPT}; unless ( $config{FASTACCEPT} ) {
if ( $chainref->{marked} ) {
if ( $chainref->{marked} == @{$chainref->{rules}} ) {
insert_rule( $chainref, 0, "-m state --state $state -j ACCEPT" );
} else {
add_rule $chainref, "-m state --state $state -j ACCEPT";
}
} else {
add_rule $chainref, "-m state --state $state -j ACCEPT";
}
}
if ($sections{NEW} ) { if ($sections{NEW} ) {
if ( $chainref->{is_policy} ) { if ( $chainref->{is_policy} ) {

6
Shorewall/Perl/Shorewall/Policy.pm
View File

@ -136,10 +136,8 @@ sub add_or_modify_policy_chain( $$ ) {
my $mark = defined_zone( $zone )->{mark}; my $mark = defined_zone( $zone )->{mark};
my $mark1 = defined_zone( $zone1 )->{mark} << VIRTUAL_BITS; my $mark1 = defined_zone( $zone1 )->{mark} << VIRTUAL_BITS;
add_rule $chainref, '-j MARK --or-mark ' . in_hex($mark) if $mark && $zone1 eq firewall_zone; $chainref->{marked} = 1, add_rule $chainref, '-j MARK --or-mark ' . in_hex($mark) if $mark && $zone1 eq firewall_zone;
add_rule $chainref, '-j MARK --or-mark ' . in_hex($mark1) if $mark1; $chainref->{marked}++ , add_rule $chainref, '-j MARK --or-mark ' . in_hex($mark1) if $mark1;
$chainref->{marked} = 1;
} }
} }