From 69817007bf6838c719bb52ec770b16b42b688f41 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 9 Sep 2010 14:53:12 -0700 Subject: [PATCH] Some more fixes for blacklisting --- Shorewall/Perl/Shorewall/Rules.pm | 4 ++-- manpages/shorewall-interfaces.xml | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 4eaf37592..27b9f03a0 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -323,7 +323,7 @@ sub setup_blacklist() { progress_message " Type 1 blacklisting enabled on ${interface}:${network}"; } - if ( @{$chainref1->{rules}} ) { + if ( $chainref1 && @{$chainref1->{rules}} ) { for my $hostref ( @$hosts1 ) { my $interface = $hostref->[0]; my $ipsec = $hostref->[1]; @@ -1874,7 +1874,7 @@ sub generate_matrix() { my $fw = firewall_zone; my $notrackref = $raw_table->{notrack_chain $fw}; my $state = $config{BLACKLISTNEWONLY} ? $globals{UNTRACKED} ? "$globals{STATEMATCH} NEW,INVALID,UNTRACKED " : "$globals{STATEMATCH} NEW,INVALID " : ''; - my $blackout = @{$filter_table->{blackout}{rules}}; + my $blackout = $filter_table->{blackout} && @{$filter_table->{blackout}{rules}}; my @zones = off_firewall_zones; my @vservers = vserver_zones; my $interface_jumps_added = 0; diff --git a/manpages/shorewall-interfaces.xml b/manpages/shorewall-interfaces.xml index cba931940..da7470785 100644 --- a/manpages/shorewall-interfaces.xml +++ b/manpages/shorewall-interfaces.xml @@ -249,8 +249,9 @@ loc eth2 - - Output blacklisting. Traffic entering on this - interface is passed against the entries in Output blacklisting. Forward traffic that entered + through this interface is passed against the entries in + shorewall-blacklist(5) that have the to option.
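Review bot: With the added `$chainref1 &&` test in setup_blacklist, a missing chain and an empty chain both skip the jump-generating loop without any message, so a blacklist that was expected to be enforced could be left out silently. Where `$chainref1` is assigned is outside the hunk; if it is deliberately left undefined when no host entry asks for this blacklist type, say so on the condition, for example `# $chainref1 is undef when no type 1 blacklist chain was created; nothing to jump to`. The function body starts and ends outside the hunk, so this reading rests on the visible lines only.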
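Review bot: `$blackout` in generate_matrix is now either the false value of `$filter_table->{blackout}` (undef when the chain does not exist) or the rule count, rather than always a number. That is fine for a truth test, but any later numeric or string use would warn under `use warnings`; the uses of `$blackout` are outside the hunk. `my $blackout = $filter_table->{blackout} ? scalar @{$filter_table->{blackout}{rules}} : 0;` keeps it an integer in both cases and still avoids dereferencing the nested key when the chain is missing.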