Clean up generate_matrix() fix.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-02-03 06:57:51 -08:00
parent 9d288241da
commit 52880a8822


@ -1830,13 +1830,15 @@ sub generate_matrix() {
my $dest = match_dest_net $net; my $dest = match_dest_net $net;
if ( $chain1 ) { if ( $chain1 ) {
my $chain1ref = $filter_table->{$chain1};
my $nextchain = dest_exclusion( $exclusions, $chain1 ); my $nextchain = dest_exclusion( $exclusions, $chain1 );
my $outputref; my $outputref;
my $interfacechainref = $filter_table->{output_chain $interface};
my $interfacematch = ''; my $interfacematch = '';
my $use_output = 0; my $use_output = 0;
if ( use_output_chain $interface || ( @{$filter_table->{output_chain $interface}->{rules}} && ! $filter_table->{$chain1} ) ) { if ( use_output_chain $interface || ( @{$interfacechainref->{rules}} && ! $chain1ref ) ) {
$outputref = $filter_table->{output_chain $interface}; $outputref = $interfacechainref;
add_jump $filter_table->{OUTPUT}, $outputref, 0, match_dest_dev( $interface ) unless $output_jump_added{$interface}++; add_jump $filter_table->{OUTPUT}, $outputref, 0, match_dest_dev( $interface ) unless $output_jump_added{$interface}++;
$use_output = 1; $use_output = 1;
} else { } else {
@ -1849,7 +1851,7 @@ sub generate_matrix() {
add_jump( $outputref , $nextchain, 0, join('', $interfacematch, '-d 255.255.255.255 ' , $ipsec_out_match ) ) add_jump( $outputref , $nextchain, 0, join('', $interfacematch, '-d 255.255.255.255 ' , $ipsec_out_match ) )
if $hostref->{options}{broadcast}; if $hostref->{options}{broadcast};
move_rules( $filter_table->{output_chain $interface} , $filter_table->{$chain1} ) unless $use_output; move_rules( $interfacechainref , $chain1ref ) unless $use_output;
} }
clearrule; clearrule;
@ -1884,12 +1886,14 @@ sub generate_matrix() {
add_rule $raw_table->{PREROUTING}, join( '', match_source_dev( $interface), $source, $ipsec_in_match, '-j RETURN' ) if $parenthasnotrack; add_rule $raw_table->{PREROUTING}, join( '', match_source_dev( $interface), $source, $ipsec_in_match, '-j RETURN' ) if $parenthasnotrack;
} }
my $chain2ref = $filter_table->{$chain2};
my $inputchainref; my $inputchainref;
my $interfacechainref = $filter_table->{input_chain $interface};
my $interfacematch = ''; my $interfacematch = '';
my $use_input; my $use_input;
if ( use_input_chain $interface || ! $chain2 || ( @{$filter_table->{input_chain $interface}->{rules}} && ! $filter_table->{$chain2} ) ) { if ( use_input_chain $interface || ! $chain2 || ( @{$interfacechainref->{rules}} && ! $chain2ref ) ) {
$inputchainref = $filter_table->{input_chain $interface}; $inputchainref = $interfacechainref;
add_jump $filter_table->{INPUT}, $inputchainref, 0, match_source_dev($interface) unless $input_jump_added{$interface}++; add_jump $filter_table->{INPUT}, $inputchainref, 0, match_source_dev($interface) unless $input_jump_added{$interface}++;
$use_input = 1; $use_input = 1;
} else { } else {
@ -1899,7 +1903,7 @@ sub generate_matrix() {
if ( $chain2 ) { if ( $chain2 ) {
add_jump $inputchainref, source_exclusion( $exclusions, $chain2 ), 0, join( '', $interfacematch, $source, $ipsec_in_match ); add_jump $inputchainref, source_exclusion( $exclusions, $chain2 ), 0, join( '', $interfacematch, $source, $ipsec_in_match );
move_rules( $filter_table->{input_chain $interface} , $filter_table->{$chain2} ) unless $use_input; move_rules( $interfacechainref , $chain2ref ) unless $use_input;
} }
if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) { if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) {
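Review bot: `$chain1ref` and `$interfacechainref` are now read from `$filter_table` once at the top of the `if ( $chain1 )` block and reused in the `move_rules( $interfacechainref , $chain1ref )` call about twenty lines later, where the old code looked both entries up again at that point. The two forms are equivalent only if nothing in between creates or replaces those entries in `$filter_table`. The intervening lines are outside the hunks, so this needs confirming, because a stale or undefined reference would presumably leave rules where they were and change the generated filter ruleset without any error. The same holds for `$chain2ref` and the second `$interfacechainref` in the input half. I would record the assumption at both declarations with a comment such as `# Snapshot of the table entries; no chain may be added to $filter_table before move_rules below`. generate_matrix() starts and ends outside the visible hunks.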