From d1812b41740d37199619030690aad23a0116d11d Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 28 Nov 2009 07:20:28 -0800
Subject: [PATCH] Revert "Fix a couple of bugs in virtual zones"

This reverts commit 22991ac9dd3030c0d918e77efee4f5bc1d266b43.
---
 Shorewall/Perl/Shorewall/Rules.pm | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 662f88a51..81cdb9199 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -1692,7 +1692,7 @@ sub generate_matrix() {
 for my $zone ( @zones ) {
 my $zoneref = find_zone( $zone );
 
- next if @zones <= 2 && ! ( $zoneref->{options}{complex} || $zoneref->{virtual} || $zoneref->{mark} );
+ next if @zones <= 2 && ! $zoneref->{options}{complex};
 #
 # Complex zone and we have more than one non-firewall zone -- create a zone forwarding chain
 #
@@ -1973,7 +1973,7 @@ sub generate_matrix() {
 #
 for my $zone1 ( @dest_zones ) {
 my $zone1ref = find_zone( $zone1 );
- my $virtual1 = $zone1ref->{virtual} << VIRTUAL_BITS;
+ my $virtual1 = $zone1ref->{virtual};
 
 next if $filter_table->{rules_chain( ${zone}, ${zone1} )}->{policy} eq 'NONE';
 
@@ -2011,8 +2011,6 @@ sub generate_matrix() {
 }
 }
 }
-
- add_jump( $frwd_ref, $chain, 0, '-m mark ! --mark 0/' . in_hex( $virtual1 ) . ' ' ) if $virtual1;
 } else {
 #
 # More compilcated case. If the interface is associated with a single simple zone, we try to combine the interface's forwarding chain with the rules chain
@@ -2064,18 +2062,14 @@ sub generate_matrix() {
 match_source_net($net),
 match_dest_net($net1),
 $ipsec_out_match )
- );
+ );
+ add_jump($excl3ref ,
+ $exclusion,
+ 0,
+ "-m mark ! --mark 0/" . in_hex($virtual1) . ' ') if $virtual1;
+
 }
 }
-
- add_rule ( $excl3ref,
- $chain,
- join( '',
- $match_source_dev,
- match_source_net($net),
- '-m mark ! --mark 0/',
- in_hex( $virtual1 ),
- ' ' ) ) if $virtual1;
 }
 }
 }
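Review bot: `my $virtual1 = $zone1ref->{virtual};` in the second hunk feeds `in_hex($virtual1)` in the fourth hunk as the mask of `-m mark ! --mark 0/<mask>`, and nothing visible says whether `{virtual}` is already positioned in the mark bits reserved for virtual zones. If it is not, the mask tests the wrong bits and marked traffic is matched by the wrong rule, which in a firewall compiler is a policy error rather than a cosmetic one. I would document the expected form at the assignment, for example `# used as the mask in '-m mark ! --mark 0/<mask>'; must already be positioned in the virtual-zone mark bits`, and confirm it against the code that sets `{virtual}`. The enclosing `generate_matrix` starts and ends outside this hunk.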
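Review bot: The restored `add_jump($excl3ref, $exclusion, 0, "-m mark ! --mark 0/" . in_hex($virtual1) . ' ') if $virtual1;` in the fourth hunk sits before two closing braces, so it appears to run once per iteration of the enclosing loops rather than once per chain. If so, `$excl3ref` receives a repeated mark jump, and each copy lands between the net-specific rules appended by successive iterations, so a marked packet may be diverted to `$exclusion` before a later source/destination rule is evaluated. The jump also carries no source device or network match, so it applies to every packet reaching the chain with those mark bits set. It is worth confirming the intended rule order and, if a single jump is enough, emitting it once after the loops; a short comment saying why the mark test belongs at this position would help the next reader. The loops and `$exclusion` are defined outside the hunk, so this is inferred from the visible lines only.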