Implement RENAME_COMBINED

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2018-02-22 12:20:02 -08:00
parent 88547f5140
commit c1a74b54fc
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
13 changed files with 37 additions and 1 deletions


@ -3980,7 +3980,7 @@ sub optimize_level8( $$$ ) {
'', # Origin
1 ); # Recalculate digests of modified chains
unless ( $chainref->{name} =~ /^~/ || $chainref1->{name} =~ /^%/ ) {
if ( $config{RENAME_COMBINED} && $chainref->{name} !~ /^[~%]/ ) {
#
# For simple use of the BLACKLIST section, we can end up with many identical
# chains. To distinguish them from other renamed chains, we keep track of
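Review bot: The rewritten condition in optimize_level8 no longer tests `$chainref1->{name}` for a leading `%`; it tests only `$chainref->{name}` against `/^[~%]/`, which goes beyond gating on `$config{RENAME_COMBINED}`. This assumes the `unless` line is the removed one and the `if` line its replacement, which the page layout suggests but does not mark. With the default RENAME_COMBINED=Yes, the rename decision can then differ from the previous code whenever the two chains carry different prefixes, although the manual text in this commit says the traditional behavior is maintained. If the `$chainref1` test was intentional, keep it: `if ( $config{RENAME_COMBINED} && ! ( $chainref->{name} =~ /^~/ || $chainref1->{name} =~ /^%/ ) ) {`. If it was a typo being corrected, record that in a comment or the commit message, since it presumably changes chain names that operators see when auditing the compiled ruleset; the block body continues outside the hunk.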


@ -995,6 +995,7 @@ sub initialize( $;$$$) {
BALANCE_PROVIDERS => undef ,
PERL_HASH_SEED => undef ,
USE_NFLOG_SIZE => undef ,
RENAME_COMBINED => undef ,
#
# Packet Disposition
#
@ -6540,6 +6541,7 @@ sub get_configuration( $$$ ) {
default_yes_no 'AUTOCOMMENT' , 'Yes';
default_yes_no 'MULTICAST' , '';
default_yes_no 'MARK_IN_FORWARD_CHAIN' , '';
default_yes_no 'RENAME_COMBINED' , 'Yes';
if ( supplied ( $val = $config{TRACK_RULES} ) ) {
if ( lc( $val ) eq 'file' ) {
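Review bot: The option is registered in initialize and defaulted in get_configuration as `RENAME_COMBINED`, but the manual-page section of this same commit writes `RENAMED_COMBINED=No` in its final sentence, a name this table does not contain. An administrator copying that spelling would not be setting the option added here, so the manual text should read `RENAME_COMBINED=No`. A short comment above `default_yes_no 'RENAME_COMBINED' , 'Yes';`, such as `# Yes keeps the traditional ~comb/~blacklist naming for configurations that do not set the option`, would also record why the default is Yes. Both subs extend beyond these hunks.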


@ -217,6 +217,8 @@ PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=Yes
RESTART=restart


@ -228,6 +228,8 @@ PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart


@ -225,6 +225,8 @@ PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart


@ -228,6 +228,8 @@ PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart


@ -217,6 +217,8 @@ PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart


@ -2447,6 +2447,20 @@ INLINE - - - ;; -j REJECT
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">RENAME_COMBINED=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem>
<para>Added in Shorewall 5.2.0. Traditionally, when OPTIMIZE
category 8 is enabled, identical chains are combined under a name
beginning with '~comb' or '~blacklist'. This behavior is maintained
under the default setting RENAME_COMBINED=Yes. If
RENAMED_COMBINED=No, the chains are combined under the original name
of one of the chains.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">REQUIRE_INTERFACE=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>


@ -200,6 +200,8 @@ PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=Yes
RESTART=restart


@ -201,6 +201,8 @@ PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart


@ -200,6 +200,8 @@ PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart


@ -200,6 +200,8 @@ PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart


@ -200,6 +200,8 @@ PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart