mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-24 23:28:59 +01:00
Make DNAT/MASQ short-circuit dependent on z->fw policy
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8050 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
d4db69739c
commit
755983b38c
@ -1484,6 +1484,7 @@ sub generate_matrix() {
|
||||
my @interfaces = ( all_interfaces );
|
||||
my $preroutingref = ensure_chain 'nat', 'dnat';
|
||||
my @returnstack;
|
||||
my $fw = firewall_zone;
|
||||
#
|
||||
# Special processing for complex zones
|
||||
#
|
||||
@ -1597,7 +1598,7 @@ sub generate_matrix() {
|
||||
add_rule $preroutingref, $_ for ( @returnstack );
|
||||
@returnstack = ();
|
||||
add_rule $preroutingref, join( '', match_source_dev( $interface), $source, $ipsec_in_match, '-j ', $chainref->{name} );
|
||||
push @returnstack, join( '', match_source_dev( $interface), $source, $ipsec_in_match, '-j RETURN' );
|
||||
push @returnstack, join( '', match_source_dev( $interface), $source, $ipsec_in_match, '-j RETURN' ) unless $filter_table->{"${zone}2${fw}"}->{policy} eq 'CONTINUE';
|
||||
}
|
||||
|
||||
if ( $chain2 ) {
|
||||
@ -1830,7 +1831,6 @@ sub generate_matrix() {
|
||||
addnatjump 'POSTROUTING' , masq_chain( $interface ) , match_dest_dev( $interface );
|
||||
}
|
||||
|
||||
my $fw = firewall_zone;
|
||||
my $chainref = $filter_table->{"${fw}2${fw}"};
|
||||
|
||||
add_rule $filter_table->{OUTPUT} , "-o lo -j " . ($chainref->{referenced} ? "$chainref->{name}" : 'ACCEPT' );
|
||||
|
Loading…
Reference in New Issue
Block a user