From 703bc88bfdefbddfd450c48646adef78896508a0 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 24 Jul 2011 15:06:42 -0700 Subject: [PATCH] Move merge_rules() back to where it was. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 87 +++++++++++++++--------------- 1 file changed, 43 insertions(+), 44 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 02c317d00..3e7c5808b 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -787,9 +787,50 @@ sub format_rule( $$;$ ) { } # -# Trace a change to the chain table +# Merge two rules. # - +sub merge_rules( $$$ ) { + my ( $tableref, $toref, $fromref ) = @_; + + my $target = $fromref->{target}; + # + # Since the 'to' rule is a jump to a chain containing the 'from' rule, we + # assume that common unique option values are compatible (such as 'tcp' and + # 'tcp ! syn'). + # + for my $option ( @unique_options ) { + $toref->{$option} = $fromref->{$option} if exists $fromref->{$option}; + } + + for my $option ( grep ! $opttype{$_}, keys %$fromref ) { + set_rule_option( $toref, $option, $fromref->{$option} ); + } + + unless ( $toref->{state} ) { + set_rule_option ( $toref, 'state', $fromref->{state} ) if $fromref->{state}; + } + + set_rule_option( $toref, 'policy', $fromref->{policy} ) if exists $fromref->{policy}; + + + unless ( $toref->{comment} ) { + $toref->{comment} = $fromref->{comment} if exists $fromref->{comment}; + } + + $toref->{target} = $target; + + if ( my $targetref = $tableref->{$target} ) { + return $targetref; + } else { + $toref->{targetopts} = $fromref->{targetopts} if $fromref->{targetopts}; + $toref->{jump} = 'j'; + return ''; + } +} + +# +# Trace a change to the chain table +# sub trace( $$$$ ) { my ($chainref, $action, $rulenum, $message) = @_; @@ -2341,48 +2382,6 @@ sub replace_references( $$$ ) { delete_chain $chainref; } -# -# Merge two rules. -# -sub merge_rules( $$$ ) { - my ( $tableref, $toref, $fromref ) = @_; - - my $target = $fromref->{target}; - # - # Since the 'to' rule is a jump to a chain containing the 'from' rule, we - # assume that common unique option values are compatible (such as 'tcp' and - # 'tcp ! syn'). - # - for my $option ( @unique_options ) { - $toref->{$option} = $fromref->{$option} if exists $fromref->{$option}; - } - - for my $option ( grep ! $opttype{$_}, keys %$fromref ) { - set_rule_option( $toref, $option, $fromref->{$option} ); - } - - unless ( $toref->{state} ) { - set_rule_option ( $toref, 'state', $fromref->{state} ) if $fromref->{state}; - } - - set_rule_option( $toref, 'policy', $fromref->{policy} ) if exists $fromref->{policy}; - - - unless ( $toref->{comment} ) { - $toref->{comment} = $fromref->{comment} if exists $fromref->{comment}; - } - - $toref->{target} = $target; - - if ( my $targetref = $tableref->{$target} ) { - return $targetref; - } else { - $toref->{targetopts} = $fromref->{targetopts} if $fromref->{targetopts}; - $toref->{jump} = 'j'; - return ''; - } -} - # # Replace jumps to the passed chain with jumps to the target of the passed rule while merging # options and matches