From 231c5dbca0971470fe2962ba1c6ddfbc0266b2c4 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 19 May 2012 08:15:20 -0700
Subject: [PATCH] Eliminate need to call optimize_policy_chains() when OPTIMIZE 4 is selected
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Chains.pm | 13 +++++++++++--
 Shorewall/Perl/Shorewall/Compiler.pm | 4 ++--
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 23e2080fe..866f2e6e6 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -3312,7 +3312,7 @@ sub optimize_level4( $$ ) {
 } else {
 #
 # Chain has more than one rule. If the last rule is a simple jump, then delete
- # all preceding rules that have the same target
+ # all immediately preceding rules that have the same target
 #
 my $rulesref = $chainref->{rules};
 my $lastref = $rulesref->[-1];
@@ -3337,7 +3337,16 @@ sub optimize_level4( $$ ) {
 $rule--;
 }
- push @$rulesref, $lastref; #Now restore the last simple rule
+ if ( @$rulesref || ! $chainref->{builtin} || $target !~ /^(ACCEPT|DROP|REJECT)$/ ) {
+ push @$rulesref, $lastref; # Restore the last simple rule
+ } else {
+ #
+ #empty builtin chain -- change it's policy
+ #
+ $chainref->{policy} = $target;
+ trace( $chainref, 'P', undef, 'ACCEPT' ) if $debug;
+ $count++;
+ }
 progress_message " $count $target rules deleted from chain $chainref->{name}" if $count;
 }
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 19cbde0f2..47cc71648 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
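Review bot: In the second optimize_level4 hunk of Chains.pm, the new else branch copies `$target` into `$chainref->{policy}` for REJECT as well as ACCEPT and DROP, but iptables accepts only ACCEPT or DROP as a built-in chain policy. If a bare REJECT jump can reach this branch and the policy is emitted as stored, the generated ruleset would presumably fail to load; narrowing the test to `$target !~ /^(?:ACCEPT|DROP)$/` leaves such a rule in place. The trace call in the same branch passes the literal `'ACCEPT'` rather than the policy being set, so a debug trace of a DROP policy change would appear to misreport it; `trace( $chainref, 'P', undef, $target ) if $debug;` looks like the intent, though trace's signature is not visible here. The enclosing sub starts and ends outside the hunk.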
@@ -812,12 +812,12 @@ sub compiler {
 optimize_level0;
- if ( $config{OPTIMIZE} & 0x1E ) {
+ if ( ( my $optimize = $config{OPTIMIZE} ) & 0x1E ) {
 progress_message2 'Optimizing Ruleset...';
 #
 # Optimize Policy Chains
 #
- optimize_policy_chains if $config{OPTIMIZE} & 2;
+ optimize_policy_chains if $optimize & 6 == 2; # Level 2 but not 4
 #
 # More Optimization
 #
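Review bot: The new guard `optimize_policy_chains if $optimize & 6 == 2;` does not test what its comment says, because in Perl `==` binds tighter than `&`. It parses as `$optimize & (6 == 2)`, which is always false, so optimize_policy_chains would never run, including for OPTIMIZE level 2 without 4. Parenthesize the mask: `optimize_policy_chains if ( $optimize & 6 ) == 2; # Level 2 but not 4`. Because this condition decides which optimization passes shape the generated firewall ruleset, compiling once with OPTIMIZE=2 and once with OPTIMIZE=6 and comparing the output would confirm the fix. The body of compiler() continues outside the hunk, so any later use of `$optimize` should be checked against the scope of the `my` declared inside the if condition.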