Fix a 4.3 bug in expand_rule().

Don't repeat matches on target rule when log chain is used.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9841 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2009-04-10 19:47:39 +00:00
parent 28e84a6aba
commit 20cfd0033c


@ -2632,7 +2632,7 @@ sub expand_rule( $$$$$$$$$$ )
$onets = ALLIP unless $onets; $onets = ALLIP unless $onets;
fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && ( $inets ne ALLIP || $iexcl || $trivialiexcl); fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && ( $inets ne ALLIP || $iexcl || $trivialiexcl);
fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && ( $dnets ne ALLIP || $iexcl || $trivialdexcl); fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && ( $dnets ne ALLIP || $dexcl || $trivialdexcl);
if ( $iexcl || $dexcl || $oexcl ) { if ( $iexcl || $dexcl || $oexcl ) {
# #
@ -2643,7 +2643,7 @@ sub expand_rule( $$$$$$$$$$ )
my $echain = newexclusionchain; my $echain = newexclusionchain;
# #
# Use the current rule and sent all possible matches to the exclusion chain # Use the current rule and send all possible matches to the exclusion chain
# #
for my $onet ( mysplit $onets ) { for my $onet ( mysplit $onets ) {
$onet = match_orig_dest $onet; $onet = match_orig_dest $onet;
@ -2701,10 +2701,17 @@ sub expand_rule( $$$$$$$$$$ )
if ( $loglevel ne '' ) { if ( $loglevel ne '' ) {
if ( $disposition ne 'LOG' ) { if ( $disposition ne 'LOG' ) {
#
# Create a chain that both logs and applies the target action
#
my $logchainref = new_chain $chainref->{table}, newlogchain; my $logchainref = new_chain $chainref->{table}, newlogchain;
#
# Jump to the log chain if all of the rule's conditions are met
#
add_jump( $chainref, $logchainref, $builtin_target{$disposition}, $rule, 1 ); add_jump( $chainref, $logchainref, $builtin_target{$disposition}, $rule, 1 );
$rule = '';
log_rule_limit( log_rule_limit(
$loglevel , $loglevel ,
$chainref = $logchainref , $chainref = $logchainref ,