Clean up generate_matrix() fix.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-02-03 06:57:51 -08:00
parent 9d288241da
commit 52880a8822


@ -1830,13 +1830,15 @@ sub generate_matrix() {
my $dest = match_dest_net $net;
if ( $chain1 ) {
my $chain1ref = $filter_table->{$chain1};
my $nextchain = dest_exclusion( $exclusions, $chain1 );
my $outputref;
my $interfacechainref = $filter_table->{output_chain $interface};
my $interfacematch = '';
my $use_output = 0;
if ( use_output_chain $interface || ( @{$filter_table->{output_chain $interface}->{rules}} && ! $filter_table->{$chain1} ) ) {
$outputref = $filter_table->{output_chain $interface};
if ( use_output_chain $interface || ( @{$interfacechainref->{rules}} && ! $chain1ref ) ) {
$outputref = $interfacechainref;
add_jump $filter_table->{OUTPUT}, $outputref, 0, match_dest_dev( $interface ) unless $output_jump_added{$interface}++;
$use_output = 1;
} else {
@ -1849,7 +1851,7 @@ sub generate_matrix() {
add_jump( $outputref , $nextchain, 0, join('', $interfacematch, '-d 255.255.255.255 ' , $ipsec_out_match ) )
if $hostref->{options}{broadcast};
move_rules( $filter_table->{output_chain $interface} , $filter_table->{$chain1} ) unless $use_output;
move_rules( $interfacechainref , $chain1ref ) unless $use_output;
}
clearrule;
@ -1884,12 +1886,14 @@ sub generate_matrix() {
add_rule $raw_table->{PREROUTING}, join( '', match_source_dev( $interface), $source, $ipsec_in_match, '-j RETURN' ) if $parenthasnotrack;
}
my $chain2ref = $filter_table->{$chain2};
my $inputchainref;
my $interfacechainref = $filter_table->{input_chain $interface};
my $interfacematch = '';
my $use_input;
if ( use_input_chain $interface || ! $chain2 || ( @{$filter_table->{input_chain $interface}->{rules}} && ! $filter_table->{$chain2} ) ) {
$inputchainref = $filter_table->{input_chain $interface};
if ( use_input_chain $interface || ! $chain2 || ( @{$interfacechainref->{rules}} && ! $chain2ref ) ) {
$inputchainref = $interfacechainref;
add_jump $filter_table->{INPUT}, $inputchainref, 0, match_source_dev($interface) unless $input_jump_added{$interface}++;
$use_input = 1;
} else {
@ -1899,7 +1903,7 @@ sub generate_matrix() {
if ( $chain2 ) {
add_jump $inputchainref, source_exclusion( $exclusions, $chain2 ), 0, join( '', $interfacematch, $source, $ipsec_in_match );
move_rules( $filter_table->{input_chain $interface} , $filter_table->{$chain2} ) unless $use_input;
move_rules( $interfacechainref , $chain2ref ) unless $use_input;
}
if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) {
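Review bot: The rewritten conditions `if ( use_output_chain $interface || ( ... ) )` and `if ( use_input_chain $interface || ! $chain2 || ( ... ) )` still call the helper without parentheses, so they only parse as intended if both subs carry a `($)` prototype, which these hunks do not show; without one, Perl would take the whole `||` expression as the argument list. These tests decide which chain receives the OUTPUT/INPUT jump in the generated ruleset, so I would make the precedence explicit: `if ( use_output_chain( $interface ) || ( @{$interfacechainref->{rules}} && ! $chain1ref ) ) {`, and likewise `use_input_chain( $interface )` in the input-side condition. Separately, `$chain1ref` is now captured before `dest_exclusion( $exclusions, $chain1 )` runs, whereas the old code looked up `$filter_table->{$chain1}` afterwards. That is presumably equivalent, but it is worth confirming that dest_exclusion never creates or replaces that table entry, and a short comment such as `# chain refs captured once; reused for the test and for move_rules below` would record the intent. The body of generate_matrix extends beyond what the hunks show.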