Fix issues in generate_matrix().

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-02-02 19:42:54 -08:00
parent 096fb29203
commit 9d288241da
2 changed files with 10 additions and 4 deletions


@ -1833,10 +1833,12 @@ sub generate_matrix() {
my $nextchain = dest_exclusion( $exclusions, $chain1 ); my $nextchain = dest_exclusion( $exclusions, $chain1 );
my $outputref; my $outputref;
my $interfacematch = ''; my $interfacematch = '';
my $use_output = 0;
if ( use_output_chain $interface ) { if ( use_output_chain $interface || ( @{$filter_table->{output_chain $interface}->{rules}} && ! $filter_table->{$chain1} ) ) {
$outputref = $filter_table->{output_chain $interface}; $outputref = $filter_table->{output_chain $interface};
add_jump $filter_table->{OUTPUT}, $outputref, 0, match_dest_dev( $interface ) unless $output_jump_added{$interface}++; add_jump $filter_table->{OUTPUT}, $outputref, 0, match_dest_dev( $interface ) unless $output_jump_added{$interface}++;
$use_output = 1;
} else { } else {
$outputref = $filter_table->{OUTPUT}; $outputref = $filter_table->{OUTPUT};
$interfacematch = match_dest_dev $interface; $interfacematch = match_dest_dev $interface;
@ -1847,7 +1849,7 @@ sub generate_matrix() {
add_jump( $outputref , $nextchain, 0, join('', $interfacematch, '-d 255.255.255.255 ' , $ipsec_out_match ) ) add_jump( $outputref , $nextchain, 0, join('', $interfacematch, '-d 255.255.255.255 ' , $ipsec_out_match ) )
if $hostref->{options}{broadcast}; if $hostref->{options}{broadcast};
move_rules( $filter_table->{output_chain $interface} , $filter_table->{$chain1} ) unless use_output_chain $interface; move_rules( $filter_table->{output_chain $interface} , $filter_table->{$chain1} ) unless $use_output;
} }
clearrule; clearrule;
@ -1884,10 +1886,12 @@ sub generate_matrix() {
my $inputchainref; my $inputchainref;
my $interfacematch = ''; my $interfacematch = '';
my $use_input;
if ( use_input_chain $interface ) { if ( use_input_chain $interface || ! $chain2 || ( @{$filter_table->{input_chain $interface}->{rules}} && ! $filter_table->{$chain2} ) ) {
$inputchainref = $filter_table->{input_chain $interface}; $inputchainref = $filter_table->{input_chain $interface};
add_jump $filter_table->{INPUT}, $inputchainref, 0, match_source_dev($interface) unless $input_jump_added{$interface}++; add_jump $filter_table->{INPUT}, $inputchainref, 0, match_source_dev($interface) unless $input_jump_added{$interface}++;
$use_input = 1;
} else { } else {
$inputchainref = $filter_table->{INPUT}; $inputchainref = $filter_table->{INPUT};
$interfacematch = match_source_dev $interface; $interfacematch = match_source_dev $interface;
@ -1895,7 +1899,7 @@ sub generate_matrix() {
if ( $chain2 ) { if ( $chain2 ) {
add_jump $inputchainref, source_exclusion( $exclusions, $chain2 ), 0, join( '', $interfacematch, $source, $ipsec_in_match ); add_jump $inputchainref, source_exclusion( $exclusions, $chain2 ), 0, join( '', $interfacematch, $source, $ipsec_in_match );
move_rules( $filter_table->{input_chain $interface} , $filter_table->{$chain2} ) unless use_input_chain $interface; move_rules( $filter_table->{input_chain $interface} , $filter_table->{$chain2} ) unless $use_input;
} }
if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) { if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) {
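Review bot: The new test `@{$filter_table->{output_chain $interface}->{rules}}` in the first `if` dereferences through the interface chain's entry before anything confirms that the entry exists, and it is evaluated whenever `use_output_chain $interface` is false. If no chain has been created for that interface, Perl would autovivify an empty hash under that key in `$filter_table` and then, if the file runs under `use strict`, die on the undefined `rules` array; whether the chain is always created earlier in generate_matrix() is not visible here, since the function starts and ends outside these hunks. Fetching the entry first keeps the lookup free of side effects: `my $ifchain = $filter_table->{output_chain $interface};` followed by `( $ifchain && @{ $ifchain->{rules} || [] } && ! $filter_table->{$chain1} )`. The `input_chain $interface` test in the third hunk has the same shape. It would also help to write `my $use_input = 0;` to match `$use_output`, and to add a short comment saying why an interface chain that already holds rules is used when `$chain1` or `$chain2` has no filter-table entry, since that choice decides whether the rules are moved or reached by a jump.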


@ -16,6 +16,8 @@ Changes in Shorewall 4.4.7
8) Change default to ADD_IP_ALIASES=No 8) Change default to ADD_IP_ALIASES=No
9) Correct defects in generate_matrix().
Changes in Shorewall 4.4.6 Changes in Shorewall 4.4.6
1) Fix for rp_filter and kernel 2.6.31. 1) Fix for rp_filter and kernel 2.6.31.