Simplify move_rules()

Tom Eastep 2010-09-17 13:49:32 -07:00
parent 7a6943fa54
commit ad660d7fe5
2 changed files with 13 additions and 24 deletions


@ -700,8 +700,7 @@ sub move_rules( $$ ) {
my $rules = $chain2->{rules};
my $count = @{$chain1->{rules}};
my $tableref = $chain_table{$chain1->{table}};
my @frozen = ();
my $frozen = $chain2->{frozen} || 0;
my $frozen = $chain2->{frozen};
#
# We allow '+' in chain names and '+' is an RE meta-character. Escape it.
#
@ -710,29 +709,19 @@ sub move_rules( $$ ) {
for ( @{$chain1->{rules}} ) {
adjust_reference_counts( $tableref->{$1}, $name1, $name2 ) if / -[jg] ([^\s]+)/;
}
#
# Get the frozen rules out of the way for the moment
#
$chain2->{frozen} += $chain1->{frozen};
unshift @frozen, shift @$rules while $frozen--;
if ( $debug ) {
my $rule = @{$chain1->{rules}};
trace( $chain2, 'A', ++$rule, $_ ) for @{$chain1->{rules}};
}
splice @$rules, $chain2->{frozen}, 0, @{$chain1->{rules}};
unshift @$rules, @{$chain1->{rules}};
#
# Now re-add the frozen rules at the front
#
unshift @$rules, @frozen;
$chain2->{referenced} = 1;
unless ( $chain2->{frozen} += $chain1->{frozen} ) {
#
# In a firewall->x policy chain, multiple DHCP ACCEPT rules can be moved to the head of the chain.
# This hack avoids that.
#
shift @{$rules} while @{$rules} > 1 && $rules->[0] eq $rules->[1];
}
$chain2->{referenced} = 1;
delete_chain $chain1;
$count;
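Review bot: The insertion offset in `splice @$rules, $chain2->{frozen}, 0, @{$chain1->{rules}};` is read after `$chain2->{frozen} += $chain1->{frozen};` as the lines appear here, so it would count chain1's frozen rules before they are in `@$rules` and could place the moved rules too deep in chain2 or past its end. Rule order decides which packets a chain matches first, so the offset should be chain2's pre-move count, which the first hunk already saves: `splice @$rules, $frozen, 0, @{$chain1->{rules}};`. That saved value also lost its `|| 0` default, so if `frozen` can be unset on a chain (not visible here) the splice would receive undef; `my $frozen = $chain2->{frozen} || 0;` avoids that. The page has lost its +/- markers, so confirm which of these lines are on the new side; move_rules begins and ends outside both hunks.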


@ -314,7 +314,7 @@ sub parse_zone_option_list($$)
#
# Hash of options that have their own key in the returned hash.
#
my %key = ( mss => NOFW , blacklist => NOFW );
my %key = ( mss => UNRESTRICTED , blacklist => NOFW );
my ( $list, $zonetype ) = @_;
my %h;
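Review bot: The `mss` entry of `%key` changes between `NOFW` and `UNRESTRICTED`, which the commit title "Simplify move_rules()" does not cover, so a change to which zone types accept an option would land without a record. Going by the constant names, and assuming the second line is the new one, this lets `mss` be set on zone types that were previously rejected; the definitions of both constants are outside this page. Put it in its own commit or name it in the message, and add a comment above the hash such as `# mss: UNRESTRICTED (any zone type); blacklist: NOFW (not the firewall zone) -- confirm against the constant definitions`. parse_zone_option_list continues past the end of the hunk.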