extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-14 09:38:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

An optimization

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9062 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-12-15 01:02:52 +00:00
parent 6099d36334
commit 79f98f73e1
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Shorewall-perl/Shorewall/Rules.pm
View File

@ -1640,11 +1640,12 @@ sub generate_matrix() {
next if @zones <= 2 && ! $zoneref->{options}{complex}; next if @zones <= 2 && ! $zoneref->{options}{complex};
my $exclusions = $zoneref->{exclusions}; my $exclusions = $zoneref->{exclusions};
my $frwd_ref = new_standard_chain zone_forward_chain( $zone ); my $frwd_ref;
if ( @$exclusions ) { if ( @$exclusions ) {
my $in_ref = new_standard_chain zone_input_chain $zone; my $in_ref = new_standard_chain zone_input_chain $zone;
my $out_ref = new_standard_chain zone_output_chain $zone; my $out_ref = new_standard_chain zone_output_chain $zone;
$frwd_ref = new_standard_chain zone_forward_chain( $zone );
add_rule ensure_filter_chain( "${zone}2${zone}", 1 ) , '-j ACCEPT' if rules_target( $zone, $zone ) eq 'ACCEPT'; add_rule ensure_filter_chain( "${zone}2${zone}", 1 ) , '-j ACCEPT' if rules_target( $zone, $zone ) eq 'ACCEPT';
@ -1668,6 +1669,7 @@ sub generate_matrix() {
if ( use_forward_chain( $interface ) ) { if ( use_forward_chain( $interface ) ) {
$sourcechainref = $filter_table->{forward_chain $interface}; $sourcechainref = $filter_table->{forward_chain $interface};
} else { } else {
$frwd_ref = new_standard_chain zone_forward_chain( $zone ) unless $frwd_ref;
$sourcechainref = $filter_table->{FORWARD}; $sourcechainref = $filter_table->{FORWARD};
$interfacematch = match_source_dev $interface; $interfacematch = match_source_dev $interface;
move_rules( $filter_table->{forward_chain $interface} , $frwd_ref ); move_rules( $filter_table->{forward_chain $interface} , $frwd_ref );
@ -1678,6 +1680,7 @@ sub generate_matrix() {
for my $hostref ( @{$arrayref} ) { for my $hostref ( @{$arrayref} ) {
my $ipsec_match = match_ipsec_in $zone , $hostref; my $ipsec_match = match_ipsec_in $zone , $hostref;
for my $net ( @{$hostref->{hosts}} ) { for my $net ( @{$hostref->{hosts}} ) {
$frwd_ref = new_standard_chain zone_forward_chain( $zone ) unless $frwd_ref;
add_jump( add_jump(
$sourcechainref, $sourcechainref,
$frwd_ref, $frwd_ref,