extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-25 04:01:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Delete the 'dnat' nat-table chain

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-06-07 13:44:03 -07:00
parent fe7d0730d5
commit d771c6b2c2
1 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -1661,8 +1661,8 @@ sub handle_pio_jumps( $$$$$$$$ ) {
# #
# PREROUTING # PREROUTING
# #
my $dnatref = ensure_chain 'nat' , dnat_chain( $zone ); my $dnatref = $nat_table->{dnat_chain( $zone )};
my $preroutingref = ensure_chain 'nat', 'dnat'; my $preroutingref = $nat_table->{PREROUTING};
my @source = imatch_source_net $net; my @source = imatch_source_net $net;
@ -1677,13 +1677,6 @@ sub handle_pio_jumps( $$$$$$$$ ) {
@source, @source,
@ipsec_in_match ); @ipsec_in_match );
if ( get_physical( $interface ) eq '+' ) {
#
# The jump from the PREROUTING chain to dnat may not have been added above
#
addnatjump 'PREROUTING', 'dnat' unless $preroutingref->{references}{PREROUTING};
}
check_optimization( $dnatref ) if @source; check_optimization( $dnatref ) if @source;
} }
@ -1860,7 +1853,6 @@ sub generate_matrix() {
progress_message2 'Generating Rule Matrix...'; progress_message2 'Generating Rule Matrix...';
progress_message ' Handling complex zones...'; progress_message ' Handling complex zones...';
# #
# Special processing for configurations with more than 2 off-firewall zones or with other special considerations like IPSEC. # Special processing for configurations with more than 2 off-firewall zones or with other special considerations like IPSEC.
# #
@ -1886,6 +1878,10 @@ sub generate_matrix() {
my $nested = @{$zoneref->{parents}}; my $nested = @{$zoneref->{parents}};
my $parenthasnat = 0; my $parenthasnat = 0;
my $parenthasnotrack = 0; my $parenthasnotrack = 0;
#
# Create the zone's dnat chain
#
ensure_chain 'nat', dnat_chain( $zone );
( $nested, $parenthasnat, $parenthasnotrack) = handle_nested_zone( $zone, $zoneref ) if $nested; ( $nested, $parenthasnat, $parenthasnotrack) = handle_nested_zone( $zone, $zoneref ) if $nested;
# #