mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-23 16:13:18 +01:00
Use -A when building an exclusion chain from scratch
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4707 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
e2c84a21be
commit
a1af476c8e
@ -4093,6 +4093,22 @@ activate_rules()
|
||||
done
|
||||
}
|
||||
#
|
||||
# Add a set of exclusions to the end of a chain
|
||||
#
|
||||
add_exclusions() # $1 = table $2 = chain name, $3 - $n = exclusions
|
||||
{
|
||||
local t=$1 c=$2
|
||||
|
||||
shift 2
|
||||
|
||||
for host1 in $*; do
|
||||
interface1=${host1%%:*}
|
||||
networks1=${host1#*:}
|
||||
num=$(($num + 1))
|
||||
run_iptables -t $t -A $c -o $interface1 -d $networks1 -j RETURN
|
||||
done
|
||||
}
|
||||
#
|
||||
# Add jumps to early SNAT chains
|
||||
#
|
||||
for interface in $ALL_INTERFACES; do
|
||||
@ -4305,7 +4321,7 @@ activate_rules()
|
||||
EXCLUSION_SEQ=$(( $EXCLUSION_SEQ + 1 ))
|
||||
eval ${chain}_${zone}_ex=$chain1
|
||||
createchain $chain1 no
|
||||
insert_exclusions filter $chain1 $exclusions1
|
||||
add_exclusions filter $chain1 $exclusions1
|
||||
run_iptables -A $chain1 -j $chain
|
||||
fi
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user