From d9e14ffa1c5cac04720ed075b0677ac12e2c0d51 Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 10 Jun 2007 16:42:34 +0000 Subject: [PATCH] Work around restriction in 2.6.21 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6506 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/Accounting.pm | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/Shorewall-perl/Shorewall/Accounting.pm b/Shorewall-perl/Shorewall/Accounting.pm index 501b859eb..26c3a53e4 100644 --- a/Shorewall-perl/Shorewall/Accounting.pm +++ b/Shorewall-perl/Shorewall/Accounting.pm @@ -58,7 +58,9 @@ sub process_accounting_rule( $$$$$$$$$ ) { "-j $jumpchain"; } - $chain = 'accounting' unless $chain and $chain ne '-'; + unless ( $chain and $chain ne '-' ) { + $chain = $source =~ /^$firewall_zone:?/ ? 'accountout' : 'accounting'; + } my $chainref = ensure_filter_chain $chain , 0; @@ -138,15 +140,22 @@ sub setup_accounting() { } if ( $filter_table->{accounting} ) { - for my $chain ( qw/INPUT FORWARD OUTPUT/ ) { + for my $chain ( qw/INPUT FORWARD/ ) { insert_rule $filter_table->{$chain}, 1, '-j accounting'; insert_rule $filter_table->{$chain}, 2, '-m state --state ESTABLISHED,RELATED -j ACCEPT' if $config{FASTACCEPT}; } } elsif ( $config{FASTACCEPT} ) { - for my $chain ( qw/INPUT FORWARD OUTPUT/ ) { + for my $chain ( qw/INPUT FORWARD/ ) { insert_rule $filter_table->{$chain}, 1, '-m state --state ESTABLISHED,RELATED -j ACCEPT'; } } + + if ( $filter_table->{accountout} ) { + insert_rule $filter_table->{OUTPUT}, 1, '-j accountout'; + insert_rule $filter_table->{OUTPUT}, 2, '-m state --state ESTABLISHED,RELATED -j ACCEPT' if $config{FASTACCEPT}; + } elsif ( $config{FASTACCEPT} ) { + insert_rule $filter_table->{OUTPUT}, 1, '-m state --state ESTABLISHED,RELATED -j ACCEPT'; + } } 1;