extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-17 10:11:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Change policy->{is_optional} to policy->{provisional}

Browse Source 
Signed-off-by: Tom Eastep <teastep@ursa.(none)>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9668 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-03-09 16:28:29 +00:00
parent 4d8137cb61
commit 70570c4a18
2 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -167,7 +167,7 @@ our $VERSION = '4.3_7';
# %chain_table { <table> => { <chain1> => { name => <chain name> # %chain_table { <table> => { <chain1> => { name => <chain name>
# table => <table name> # table => <table name>
# is_policy => undef|1 -- if 1, this is a policy chain # is_policy => undef|1 -- if 1, this is a policy chain
# is_optional => undef|1 -- See below. # provisional => undef|1 -- See below.
# referenced => undef|1 -- If 1, will be written to the iptables-restore-input. # referenced => undef|1 -- If 1, will be written to the iptables-restore-input.
# builtin => undef|1 -- If 1, one of Netfilter's built-in chains. # builtin => undef|1 -- If 1, one of Netfilter's built-in chains.
# manual => undef|1 -- If 1, a manual chain. # manual => undef|1 -- If 1, a manual chain.
@ -191,8 +191,8 @@ our $VERSION = '4.3_7';
# } # }
# } # }
# #
# 'is_optional' only applies to policy chains; when true, indicates that this is a provisional policy chain which might be # 'provisional' only applies to policy chains; when true, indicates that this is a provisional policy chain which might be
# replaced. Policy chains created under the IMPLICIT_CONTINUE=Yes option are marked with is_optional == 1. # replaced. Policy chains created under the IMPLICIT_CONTINUE=Yes option are marked with provisional == 1.
# #
# Only 'referenced' chains get written to the iptables-restore input. # Only 'referenced' chains get written to the iptables-restore input.
# #

20
Shorewall/Perl/Shorewall/Policy.pm
View File

@ -62,11 +62,11 @@ INIT {
# #
sub convert_to_policy_chain($$$$$) sub convert_to_policy_chain($$$$$)
{ {
my ($chainref, $source, $dest, $policy, $optional ) = @_; my ($chainref, $source, $dest, $policy, $provisional ) = @_;
$chainref->{is_policy} = 1; $chainref->{is_policy} = 1;
$chainref->{policy} = $policy; $chainref->{policy} = $policy;
$chainref->{is_optional} = $optional; $chainref->{provisional} = $provisional;
$chainref->{policychain} = $chainref->{name}; $chainref->{policychain} = $chainref->{name};
$chainref->{policypair} = [ $source, $dest ]; $chainref->{policypair} = [ $source, $dest ];
} }
@ -282,8 +282,8 @@ sub validate_policy()
$chainref = $filter_table->{$chain}; $chainref = $filter_table->{$chain};
if ( $chainref->{is_policy} ) { if ( $chainref->{is_policy} ) {
if ( $chainref->{is_optional} ) { if ( $chainref->{provisional} ) {
$chainref->{is_optional} = 0; $chainref->{provisional} = 0;
$chainref->{policy} = $policy; $chainref->{policy} = $policy;
} else { } else {
fatal_error qq(Policy "$client $server $policy" duplicates earlier policy "@{$chainref->{policypair}} $chainref->{policy}"); fatal_error qq(Policy "$client $server $policy" duplicates earlier policy "@{$chainref->{policypair}} $chainref->{policy}");
@ -403,14 +403,14 @@ sub apply_policy_rules() {
progress_message2 'Applying Policies...'; progress_message2 'Applying Policies...';
for my $chainref ( @policy_chains ) { for my $chainref ( @policy_chains ) {
my $policy = $chainref->{policy}; my $policy = $chainref->{policy};
my $loglevel = $chainref->{loglevel}; my $loglevel = $chainref->{loglevel};
my $optional = $chainref->{is_optional}; my $provisional = $chainref->{provisional};
my $default = $chainref->{default}; my $default = $chainref->{default};
my $name = $chainref->{name}; my $name = $chainref->{name};
if ( $policy ne 'NONE' ) { if ( $policy ne 'NONE' ) {
if ( ! $chainref->{referenced} && ( ! $optional && $policy ne 'CONTINUE' ) ) { if ( ! $chainref->{referenced} && ( ! $provisional && $policy ne 'CONTINUE' ) ) {
ensure_filter_chain $name, 1; ensure_filter_chain $name, 1;
} }