extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 04:04:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't generate policy chains for fw to bridgeport zones.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-04-16 09:56:11 -07:00
parent 1030c852f9
commit c52a3dcd14
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Shorewall/Perl/Shorewall/Policy.pm
View File

@ -330,6 +330,7 @@ sub validate_policy()
for $zone ( all_zones ) {
push @policy_chains, ( new_policy_chain $zone, $zone, 'ACCEPT', PROVISIONAL );
push @policy_chains, ( new_policy_chain firewall_zone, $zone, 'NONE', PROVISIONAL ) if zone_type( $zone ) == BPORT;
if ( $config{IMPLICIT_CONTINUE} && ( @{find_zone( $zone )->{parents}} ) ) {
for my $zone1 ( all_zones ) {

2
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1862,7 +1862,7 @@ sub generate_matrix() {
for my $net ( @{$hostref->{hosts}} ) {
my $dest = match_dest_net $net;
if ( $chain1 ) {
if ( $chain1 && zone_type ( $zone) != BPORT ) {
my $chain1ref = $filter_table->{$chain1};
my $nextchain = dest_exclusion( $exclusions, $chain1 );
my $outputref;