extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-16 03:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Fix a couple of bugs in virtual zones"

Browse Source 
This reverts commit 22991ac9dd.
This commit is contained in:
Tom Eastep 2009-11-28 07:20:28 -08:00
parent 038b84e775
commit d1812b4174
1 changed files with 8 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1692,7 +1692,7 @@ sub generate_matrix() {
for my $zone ( @zones ) { for my $zone ( @zones ) {
my $zoneref = find_zone( $zone ); my $zoneref = find_zone( $zone );
next if @zones <= 2 && ! ( $zoneref->{options}{complex} || $zoneref->{virtual} || $zoneref->{mark} ); next if @zones <= 2 && ! $zoneref->{options}{complex};
# #
# Complex zone and we have more than one non-firewall zone -- create a zone forwarding chain # Complex zone and we have more than one non-firewall zone -- create a zone forwarding chain
# #
@ -1973,7 +1973,7 @@ sub generate_matrix() {
# #
for my $zone1 ( @dest_zones ) { for my $zone1 ( @dest_zones ) {
my $zone1ref = find_zone( $zone1 ); my $zone1ref = find_zone( $zone1 );
my $virtual1 = $zone1ref->{virtual} << VIRTUAL_BITS; my $virtual1 = $zone1ref->{virtual};
next if $filter_table->{rules_chain( ${zone}, ${zone1} )}->{policy} eq 'NONE'; next if $filter_table->{rules_chain( ${zone}, ${zone1} )}->{policy} eq 'NONE';
@ -2011,8 +2011,6 @@ sub generate_matrix() {
} }
} }
} }
add_jump( $frwd_ref, $chain, 0, '-m mark ! --mark 0/' . in_hex( $virtual1 ) . ' ' ) if $virtual1;
} else { } else {
# #
# More compilcated case. If the interface is associated with a single simple zone, we try to combine the interface's forwarding chain with the rules chain # More compilcated case. If the interface is associated with a single simple zone, we try to combine the interface's forwarding chain with the rules chain
@ -2064,18 +2062,14 @@ sub generate_matrix() {
match_source_net($net), match_source_net($net),
match_dest_net($net1), match_dest_net($net1),
$ipsec_out_match ) $ipsec_out_match )
); );
add_jump($excl3ref ,
$exclusion,
0,
"-m mark ! --mark 0/" . in_hex($virtual1) . ' ') if $virtual1;
} }
} }
add_rule ( $excl3ref,
$chain,
join( '',
$match_source_dev,
match_source_net($net),
'-m mark ! --mark 0/',
in_hex( $virtual1 ),
' ' ) ) if $virtual1;
} }
} }
} }