1
0
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-14 01:28:13 +01:00

An optimization

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9062 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-12-15 01:02:52 +00:00
parent 6099d36334
commit 79f98f73e1

View File

@ -1640,11 +1640,12 @@ sub generate_matrix() {
next if @zones <= 2 && ! $zoneref->{options}{complex};
my $exclusions = $zoneref->{exclusions};
my $frwd_ref = new_standard_chain zone_forward_chain( $zone );
my $frwd_ref;
if ( @$exclusions ) {
my $in_ref = new_standard_chain zone_input_chain $zone;
my $out_ref = new_standard_chain zone_output_chain $zone;
$frwd_ref = new_standard_chain zone_forward_chain( $zone );
add_rule ensure_filter_chain( "${zone}2${zone}", 1 ) , '-j ACCEPT' if rules_target( $zone, $zone ) eq 'ACCEPT';
@ -1668,6 +1669,7 @@ sub generate_matrix() {
if ( use_forward_chain( $interface ) ) {
$sourcechainref = $filter_table->{forward_chain $interface};
} else {
$frwd_ref = new_standard_chain zone_forward_chain( $zone ) unless $frwd_ref;
$sourcechainref = $filter_table->{FORWARD};
$interfacematch = match_source_dev $interface;
move_rules( $filter_table->{forward_chain $interface} , $frwd_ref );
@ -1678,6 +1680,7 @@ sub generate_matrix() {
for my $hostref ( @{$arrayref} ) {
my $ipsec_match = match_ipsec_in $zone , $hostref;
for my $net ( @{$hostref->{hosts}} ) {
$frwd_ref = new_standard_chain zone_forward_chain( $zone ) unless $frwd_ref;
add_jump(
$sourcechainref,
$frwd_ref,