extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-03 12:09:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Pass UNTRACKED packets through the blacklist chain when BLACKLISTNEWONLY=Yes

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-01-26 09:18:20 -08:00
parent 7bc66da663
commit 5fa01728ad
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -2332,7 +2332,14 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
$auxref = new_chain 'filter', $auxchain; $auxref = new_chain 'filter', $auxchain;
if ( $blacklist ) { if ( $blacklist ) {
@state = state_imatch( 'NEW,INVALID' ) if $config{BLACKLISTNEWONLY}; if ( $config{BLACKLISTNEWONLY} ) {
if ( have_capability 'RAW_TABLE' ) {
@state = state_imatch( 'NEW,INVALID,UNTRACKED' );
} else {
@state = state_imatch( 'NEW,INVALID' );
}
}
$auxref->{blacklistsection} = 1; $auxref->{blacklistsection} = 1;
} elsif ( $section == INVALID_SECTION ) { } elsif ( $section == INVALID_SECTION ) {
@state = state_imatch( 'INVALID' ); @state = state_imatch( 'INVALID' );