extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-08 00:34:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Another fix for blacklisting; correct composition of $hosts1

Browse Source
This commit is contained in:
Tom Eastep 2010-09-14 06:47:29 -07:00
parent 0f913fca2f
commit 1f2691b052
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -4055,6 +4055,7 @@ sub create_chainlist_reload($) {
unless ( @chains ) { unless ( @chains ) {
@chains = qw( blacklst ) if $filter_table->{blacklst}; @chains = qw( blacklst ) if $filter_table->{blacklst};
push @chains, 'blackout' if $filter_table->{blackout};
push @chains, 'mangle:' if have_capability( 'MANGLE_ENABLED' ) && $config{MANGLE_ENABLED}; push @chains, 'mangle:' if have_capability( 'MANGLE_ENABLED' ) && $config{MANGLE_ENABLED};
$chains = join( ',', @chains ) if @chains; $chains = join( ',', @chains ) if @chains;
} }

6
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -214,18 +214,18 @@ sub add_rule_pair( $$$$ ) {
sub setup_blacklist() { sub setup_blacklist() {
my $hosts = find_hosts_by_option1 'blacklist', BL_IN; my $hosts = find_hosts_by_option1 'blacklist', BL_IN;
my $hosts1 = find_hosts_by_option1 'blacklist', BL_IN | BL_OUT; my $hosts1 = find_hosts_by_option1 'blacklist', BL_OUT;
my $chainref; my $chainref;
my $chainref1; my $chainref1;
my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' }; my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition; my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
# #
# We go ahead and generate the blacklist chain and jump to it, even if it turns out to be empty. That is necessary # We go ahead and generate the blacklist chains and jump to them, even if they turn out to be empty. That is necessary
# for 'refresh' to work properly. # for 'refresh' to work properly.
# #
if ( @$hosts || @$hosts1 ) { if ( @$hosts || @$hosts1 ) {
$chainref = dont_delete new_standard_chain 'blacklst' if @$hosts; $chainref = dont_delete new_standard_chain 'blacklst' if @$hosts;
$chainref1 = new_chain( 'filter', 'blackout' ) if @$hosts1; $chainref1 = dont_delete new_standard_chain 'blackout' if @$hosts || @$hosts1;
if ( defined $level && $level ne '' ) { if ( defined $level && $level ne '' ) {
my $logchainref = new_standard_chain 'blacklog'; my $logchainref = new_standard_chain 'blacklog';