mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-25 15:48:56 +01:00
In copy_rules(), handle the unlikely case where both chains have blacklist jumps.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
f7db24f756
commit
74abd4ad54
@ -610,7 +610,9 @@ sub add_reference ( $$ ) {
|
|||||||
# Chain reference , Rule Number, Rule
|
# Chain reference , Rule Number, Rule
|
||||||
#
|
#
|
||||||
# In the first function, the rule number is zero-relative. In the second function,
|
# In the first function, the rule number is zero-relative. In the second function,
|
||||||
# the rule number is one-relative.
|
# the rule number is one-relative. In the first function, if the rule number is < 0, then
|
||||||
|
# the rule is a jump to a blacklist chain (blacklst or blackout). The rule will be
|
||||||
|
# inserted at the front of the chain and the chain's 'blacklist' member is incremented.
|
||||||
#
|
#
|
||||||
sub insert_rule1($$$)
|
sub insert_rule1($$$)
|
||||||
{
|
{
|
||||||
@ -692,7 +694,7 @@ sub increment_reference_count( $$ ) {
|
|||||||
#
|
#
|
||||||
# The rules generated by interface options are added to the interfaces's input chain and
|
# The rules generated by interface options are added to the interfaces's input chain and
|
||||||
# forward chain. Shorewall::Rules::generate_matrix() may decide to move those rules to
|
# forward chain. Shorewall::Rules::generate_matrix() may decide to move those rules to
|
||||||
# the head of a rules chain (behind any blacklist rules already there).
|
# the head of a rules chain (behind any blacklist rule already there).
|
||||||
|
|
||||||
sub move_rules( $$ ) {
|
sub move_rules( $$ ) {
|
||||||
my ($chain1, $chain2 ) = @_;
|
my ($chain1, $chain2 ) = @_;
|
||||||
@ -759,6 +761,11 @@ sub copy_rules( $$ ) {
|
|||||||
|
|
||||||
my $last = pop @$rules2; # Delete the jump to chain1
|
my $last = pop @$rules2; # Delete the jump to chain1
|
||||||
|
|
||||||
|
if ( $blacklist2 && $blacklist1 ) {
|
||||||
|
shift @rules1;
|
||||||
|
assert( ! --$chain1->{blacklist} );
|
||||||
|
$blacklist1 = 0;
|
||||||
|
}
|
||||||
#
|
#
|
||||||
# Chain2 is now a referent of all of Chain1's targets
|
# Chain2 is now a referent of all of Chain1's targets
|
||||||
#
|
#
|
||||||
@ -767,14 +774,14 @@ sub copy_rules( $$ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $blacklist1 ) {
|
if ( $blacklist1 ) {
|
||||||
if ( $debug ) {
|
assert( $blacklist1 == 1 );
|
||||||
my $rule = @$rules2;
|
|
||||||
trace( $chain2, 'A', ++$rule, $_ ) for @rules1;
|
|
||||||
}
|
|
||||||
|
|
||||||
splice @$rules2, $blacklist2, 0, splice( @rules1, 0, $blacklist1 );
|
trace( $chain2, 'A', 1 , $rules1[0]) if $debug;
|
||||||
|
|
||||||
$chain2->{blacklist} += $blacklist1;
|
unshift @$rules2, shift @rules1;
|
||||||
|
|
||||||
|
$chain1->{blacklist} = 0;
|
||||||
|
$chain2->{blacklist} = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $debug ) {
|
if ( $debug ) {
|
||||||
|
Loading…
Reference in New Issue
Block a user