mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-12 16:48:12 +01:00
Simplify move_rules()
parent
ab78aac3a4
commit
3d0f8e962e
@ -700,8 +700,7 @@ sub move_rules( $$ ) {
|
|||||||
my $rules = $chain2->{rules};
|
my $rules = $chain2->{rules};
|
||||||
my $count = @{$chain1->{rules}};
|
my $count = @{$chain1->{rules}};
|
||||||
my $tableref = $chain_table{$chain1->{table}};
|
my $tableref = $chain_table{$chain1->{table}};
|
||||||
my @frozen = ();
|
my $frozen = $chain2->{frozen};
|
||||||
my $frozen = $chain2->{frozen} || 0;
|
|
||||||
#
|
#
|
||||||
# We allow '+' in chain names and '+' is an RE meta-character. Escape it.
|
# We allow '+' in chain names and '+' is an RE meta-character. Escape it.
|
||||||
#
|
#
|
||||||
@ -710,29 +709,19 @@ sub move_rules( $$ ) {
|
|||||||
for ( @{$chain1->{rules}} ) {
|
for ( @{$chain1->{rules}} ) {
|
||||||
adjust_reference_counts( $tableref->{$1}, $name1, $name2 ) if / -[jg] ([^\s]+)/;
|
adjust_reference_counts( $tableref->{$1}, $name1, $name2 ) if / -[jg] ([^\s]+)/;
|
||||||
}
|
}
|
||||||
#
|
|
||||||
# Get the frozen rules out of the way for the moment
|
splice @$rules, $chain2->{frozen}, 0, @{$chain1->{rules}};
|
||||||
#
|
|
||||||
$chain2->{frozen} += $chain1->{frozen};
|
|
||||||
unshift @frozen, shift @$rules while $frozen--;
|
|
||||||
|
|
||||||
if ( $debug ) {
|
|
||||||
my $rule = @{$chain1->{rules}};
|
|
||||||
trace( $chain2, 'A', ++$rule, $_ ) for @{$chain1->{rules}};
|
|
||||||
}
|
|
||||||
|
|
||||||
unshift @$rules, @{$chain1->{rules}};
|
|
||||||
#
|
|
||||||
# Now re-add the frozen rules at the front
|
|
||||||
#
|
|
||||||
unshift @$rules, @frozen;
|
|
||||||
#
|
|
||||||
# In a firewall->x policy chain, multiple DHCP ACCEPT rules can be moved to the head of the chain.
|
|
||||||
# This hack avoids that.
|
|
||||||
#
|
|
||||||
shift @{$rules} while @{$rules} > 1 && $rules->[0] eq $rules->[1];
|
|
||||||
|
|
||||||
$chain2->{referenced} = 1;
|
$chain2->{referenced} = 1;
|
||||||
|
|
||||||
|
unless ( $chain2->{frozen} += $chain1->{frozen} ) {
|
||||||
|
#
|
||||||
|
# In a firewall->x policy chain, multiple DHCP ACCEPT rules can be moved to the head of the chain.
|
||||||
|
# This hack avoids that.
|
||||||
|
#
|
||||||
|
shift @{$rules} while @{$rules} > 1 && $rules->[0] eq $rules->[1];
|
||||||
|
}
|
||||||
|
|
||||||
delete_chain $chain1;
|
delete_chain $chain1;
|
||||||
|
|
||||||
$count;
|
$count;
|
||||||
|
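Review bot: The new `splice @$rules, $chain2->{frozen}, 0, @{$chain1->{rules}};` reads its offset straight from the hash, while the `my $frozen = $chain2->{frozen};` kept in the first hunk is never used again and has lost the `|| 0` default the old code applied. If `frozen` can be unset on a chain (the old default suggests it could), the offset is undef and warns under `use warnings`; I would keep `my $frozen = $chain2->{frozen} || 0;` and write `splice @$rules, $frozen, 0, @{$chain1->{rules}};`. The commit also drops the `$debug` `trace(...)` entries for moved rules, and it now skips the duplicate-rule trim whenever the combined frozen count is non-zero. Both change the resulting rule list or its audit trail rather than simplify it, so they deserve a line in the commit message and a comment on the `unless` explaining why frozen chains are exempt. move_rules begins and ends outside the hunks shown.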
@ -314,7 +314,7 @@ sub parse_zone_option_list($$)
|
|||||||
#
|
#
|
||||||
# Hash of options that have their own key in the returned hash.
|
# Hash of options that have their own key in the returned hash.
|
||||||
#
|
#
|
||||||
my %key = ( mss => NOFW , blacklist => NOFW );
|
my %key = ( mss => UNRESTRICTED , blacklist => NOFW );
|
||||||
|
|
||||||
my ( $list, $zonetype ) = @_;
|
my ( $list, $zonetype ) = @_;
|
||||||
my %h;
|
my %h;
|
||||||
|
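Review bot: The `mss => UNRESTRICTED` entry in `%key` changes which zone types may carry the `mss` option, which is unrelated to the commit title "Simplify move_rules()" and is not explained here. Assuming the values in `%key` are checked against `$zonetype` later in parse_zone_option_list (that code is outside the hunk), this relaxes a restriction that `blacklist` still keeps, so a reader cannot tell whether the difference is intentional. I would add a comment above the hash along the lines of `# mss: allowed on any zone type (was NOFW) because <reason>`, or move the change into its own commit.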