Fix a 4.3 bug in expand_rule().
Don't repeat matches on target rule when log chain is used. Signed-off-by: Tom Eastep <teastep@shorewall.net> git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9841 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
28e84a6aba
commit
20cfd0033c
@ -2632,7 +2632,7 @@ sub expand_rule( $$$$$$$$$$ )
|
|||||||
$onets = ALLIP unless $onets;
|
$onets = ALLIP unless $onets;
|
||||||
|
|
||||||
fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && ( $inets ne ALLIP || $iexcl || $trivialiexcl);
|
fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && ( $inets ne ALLIP || $iexcl || $trivialiexcl);
|
||||||
fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && ( $dnets ne ALLIP || $iexcl || $trivialdexcl);
|
fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && ( $dnets ne ALLIP || $dexcl || $trivialdexcl);
|
||||||
|
|
||||||
if ( $iexcl || $dexcl || $oexcl ) {
|
if ( $iexcl || $dexcl || $oexcl ) {
|
||||||
#
|
#
|
||||||
@ -2643,7 +2643,7 @@ sub expand_rule( $$$$$$$$$$ )
|
|||||||
my $echain = newexclusionchain;
|
my $echain = newexclusionchain;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Use the current rule and sent all possible matches to the exclusion chain
|
# Use the current rule and send all possible matches to the exclusion chain
|
||||||
#
|
#
|
||||||
for my $onet ( mysplit $onets ) {
|
for my $onet ( mysplit $onets ) {
|
||||||
$onet = match_orig_dest $onet;
|
$onet = match_orig_dest $onet;
|
||||||
@ -2701,10 +2701,17 @@ sub expand_rule( $$$$$$$$$$ )
|
|||||||
|
|
||||||
if ( $loglevel ne '' ) {
|
if ( $loglevel ne '' ) {
|
||||||
if ( $disposition ne 'LOG' ) {
|
if ( $disposition ne 'LOG' ) {
|
||||||
|
#
|
||||||
|
# Create a chain that both logs and applies the target action
|
||||||
|
#
|
||||||
my $logchainref = new_chain $chainref->{table}, newlogchain;
|
my $logchainref = new_chain $chainref->{table}, newlogchain;
|
||||||
|
#
|
||||||
|
# Jump to the log chain if all of the rule's conditions are met
|
||||||
|
#
|
||||||
add_jump( $chainref, $logchainref, $builtin_target{$disposition}, $rule, 1 );
|
add_jump( $chainref, $logchainref, $builtin_target{$disposition}, $rule, 1 );
|
||||||
|
|
||||||
|
$rule = '';
|
||||||
|
|
||||||
log_rule_limit(
|
log_rule_limit(
|
||||||
$loglevel ,
|
$loglevel ,
|
||||||
$chainref = $logchainref ,
|
$chainref = $logchainref ,
|
||||||
|
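Review bot: The new `$rule = '';` in the third hunk is the statement that actually stops the matches being repeated, yet it is the only added line without a comment; the six comment lines added around it explain the chain creation and the jump but not the reset. Since the matches are now carried only by the `add_jump` into the log chain, I would put `# The jump above already applied the matches; rules added to the log chain must be unconditional` directly above it. The `log_rule_limit(` call and the rest of expand_rule() continue outside the hunk, so it is worth confirming that nothing later in this branch still expects the original `$rule`, because an emptied match string there would presumably make a generated rule match all traffic reaching that chain.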