From 40f3593f698044be536dc0d0480a02b1a20b8e37 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 6 Jun 2007 13:49:30 +0000
Subject: [PATCH] Another fix for NONE policy plus fix broken matrix generation in 6468

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6469 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Policy.pm | 15 +++++++--------
 Shorewall-perl/Shorewall/Rules.pm | 2 +-
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl/Shorewall/Policy.pm
index ade0afb0a..ebcb153eb 100644
--- a/Shorewall-perl/Shorewall/Policy.pm
+++ b/Shorewall-perl/Shorewall/Policy.pm
@@ -244,14 +244,13 @@ sub validate_policy()
 #
 sub policy_rules( $$$$ ) {
 my ( $chainref , $target, $loglevel, $default ) = @_;
-
- add_rule $chainref, "-j $default" if $default && $default ne 'none';
-
- log_rule $loglevel , $chainref , $target , '' if $loglevel ne '';
-
- fatal_error "Null target in policy_rules()" unless $target;
-
- add_rule $chainref , ( '-j ' . ( $target eq 'REJECT' ? 'reject' : $target ) ) unless $target eq 'CONTINUE';
+
+ unless ( $target eq 'NONE' ) {
+ add_rule $chainref, "-j $default" if $default && $default ne 'none';
+ log_rule $loglevel , $chainref , $target , '' if $loglevel ne '';
+ fatal_error "Null target in policy_rules()" unless $target;
+ add_rule $chainref , ( '-j ' . ( $target eq 'REJECT' ? 'reject' : $target ) ) unless $target eq 'CONTINUE';
+ }
 }
 sub report_syn_flood_protection() {
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index d72b1f13a..87c42b8ba 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
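Review bot: In policy_rules in Policy.pm, the null-target check now sits inside the new `unless ( $target eq 'NONE' )` block, after the default-action `add_rule` and the `log_rule` call, so an undefined or empty `$target` is compared and used before it is rejected. Moving `fatal_error "Null target in policy_rules()" unless $target;` to directly after the argument unpacking would make the function fail before it emits anything. The block would also benefit from a comment such as `# NONE: emit no default action, no log rule and no jump for this chain`, since what happens to a packet that traverses an empty policy chain depends on callers outside this hunk.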
@@ -1726,7 +1726,7 @@ sub generate_matrix() {
 #
 add_rule( $chain3ref ,
- join( '', match_dest_dev($interface), match_source_net($net), match_dest_net($net1), $ipsec_out_match, "-j $chain" )
+ join( '', match_dest_dev($interface1), match_source_net($net), match_dest_net($net1), $ipsec_out_match, "-j $chain" )
 );
 }
 }
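Review bot: The one-character difference between `$interface` and `$interface1` in this `join` is easy to misread, and here it decides which device the generated rule matches on. Judging from the visible calls, the `1`-suffixed variables feed the destination matches (`match_dest_dev($interface1)`, `match_dest_net($net1)`) while `$net` feeds `match_source_net`. A comment above the `add_rule` call such as `# destination side: $interface1 / $net1; source side: $net` would make that pairing explicit. The declarations of these variables and the rest of generate_matrix are outside the hunk, so a rename to more distinct names can only be suggested, not shown.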