Fix Handling of NFQUEUE(queue-num) in policies

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-02-25 08:44:28 -08:00
parent 4059fe6956
commit 7fe7ebc891
3 changed files with 7 additions and 1 deletions

View File

@ -635,7 +635,7 @@ sub add_jump( $$$;$$$ ) {
# #
# Ensure that we have the chain unless it is a builtin like 'ACCEPT' # Ensure that we have the chain unless it is a builtin like 'ACCEPT'
# #
$toref = ensure_chain( $fromref->{table} , $to ) unless $builtin_target{ $to }; $toref = ensure_chain( $fromref->{table} , $to ) unless $builtin_target{$to} || $to =~ / /; #If the target has options, it must be a builtin.
} }
# #

View File

@ -10,6 +10,8 @@ Changes in Shorewall 4.4.8
5) Fix Debian init script exit status 5) Fix Debian init script exit status
6) Fix NFQUEUE(queue-num) in policy
Changes in Shorewall 4.4.7 Changes in Shorewall 4.4.7
1) Backport optimization changes from 4.5. 1) Backport optimization changes from 4.5.

View File

@ -243,6 +243,10 @@ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
init script would still return a success (zero) exit status. It now init script would still return a success (zero) exit status. It now
returns a failure status (1) when the command fails. returns a failure status (1) when the command fails.
9) Previously, if a queue number was specified in an NFQUEUE policy
(e.g., NFQUEUE(0)), invalid iptables-restore input would be
generated.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I V. K N O W N P R O B L E M S R E M A I N I N G I V. K N O W N P R O B L E M S R E M A I N I N G
---------------------------------------------------------------------------- ----------------------------------------------------------------------------