extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-24 03:31:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '4.4.24'

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-10-08 17:07:12 -07:00
commit 661606ef95
2 changed files with 9 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Nat.pm
View File

@ -377,7 +377,7 @@ sub setup_nat() {
while ( read_a_line ) { while ( read_a_line ) {
my ( $external, $interfacelist, $internal, $allints, $localnat ) = split_line1 'nat file', { external => 1, interface => 1, internal => 2, allints => 3, localnat => 4 }; my ( $external, $interfacelist, $internal, $allints, $localnat ) = split_line1 'nat file', { external => 0, interface => 1, internal => 2, allints => 3, localnat => 4 };
if ( $external eq 'COMMENT' ) { if ( $external eq 'COMMENT' ) {
process_comment; process_comment;

25
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1777,7 +1777,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ $) {
if ( $actiontype & (NATRULE | NONAT | NATONLY ) ) { if ( $actiontype & (NATRULE | NONAT | NATONLY ) ) {
$targets{$inaction} |= NATRULE if $inaction; $targets{$inaction} |= NATRULE if $inaction;
fatal_error "NAT rules are not allowed in the BLACKLIST section" if $blacklist; fatal_error "NAT rules are only allowed in the NEW section" unless $section eq 'NEW';
} }
# #
# Take care of irregular syntax and targets # Take care of irregular syntax and targets
@ -2172,11 +2172,11 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ $) {
my $chn; my $chn;
if ( $inaction ) { if ( $inaction ) {
$nonat_chain = ensure_chain 'nat', $chain; $nonat_chain = ensure_chain( 'nat', $chain );
} elsif ( $sourceref->{type} == FIREWALL ) { } elsif ( $sourceref->{type} == FIREWALL ) {
$nonat_chain = $nat_table->{OUTPUT}; $nonat_chain = $nat_table->{OUTPUT};
} else { } else {
$nonat_chain = ensure_chain 'nat', dnat_chain $sourcezone; $nonat_chain = ensure_chain( 'nat', dnat_chain( $sourcezone ) );
my @interfaces = keys %{zone_interfaces $sourcezone}; my @interfaces = keys %{zone_interfaces $sourcezone};
@ -2217,6 +2217,8 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ $) {
} }
} }
dont_move( dont_optimize( $nonat_chain ) ) if $tgt eq 'RETURN';
expand_rule( $nonat_chain , expand_rule( $nonat_chain ,
PREROUTE_RESTRICT , PREROUTE_RESTRICT ,
$rule , $rule ,
@ -2228,19 +2230,6 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ $) {
$log_action , $log_action ,
'', '',
); );
#
# Possible optimization if the rule just generated was a simple jump to the nonat chain
#
if ( $chn && ${$nonat_chain->{rules}}[-1] eq "-A -j $tgt" ) {
#
# It was -- delete that rule
#
pop @{$nonat_chain->{rules}};
#
# And move the rules from the nonat chain to the zone dnat chain
#
move_rules ( $chn, $nonat_chain );
}
} }
# #
@ -2251,6 +2240,8 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ $) {
if ( $actiontype & ACTION ) { if ( $actiontype & ACTION ) {
$action = $usedactions{$normalized_target}{name}; $action = $usedactions{$normalized_target}{name};
$loglevel = ''; $loglevel = '';
} else {
dont_move( dont_optimize ( $chainref ) ) if $action eq 'RETURN';
} }
if ( $origdest ) { if ( $origdest ) {
@ -2265,7 +2256,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ $) {
verify_audit( $action ) if $actiontype & AUDIT; verify_audit( $action ) if $actiontype & AUDIT;
expand_rule( ensure_chain( 'filter', $chain ) , expand_rule( $chainref ,
$restriction , $restriction ,
$rule , $rule ,
$source , $source ,