extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-25 04:01:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Restore lost function from merging 4.4.24

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-10-10 16:51:27 -07:00
parent a10909f791
commit ede17cb771
1 changed files with 3 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -768,7 +768,7 @@ sub finish_chain_section ($$) {
push_comment(''); #These rules should not have comments push_comment(''); #These rules should not have comments
add_ijump $chainref, j => 'ACCEPT', state_imatch $state unless $config{FASTACCEPT} || $chainref->{accepted}; add_ijump $chainref, j => 'ACCEPT', state_imatch $state unless $config{FASTACCEPT};
if ($sections{NEW} ) { if ($sections{NEW} ) {
if ( $chainref->{is_policy} ) { if ( $chainref->{is_policy} ) {
@ -1949,18 +1949,9 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ $) {
unless ( $blacklistref ) { unless ( $blacklistref ) {
my @state; my @state;
$blacklistref = dont_move( new_chain( 'filter', $blacklistchain ) ); $blacklistref = new_chain 'filter', $blacklistchain;
$blacklistref->{blacklistsection} = 1; $blacklistref->{blacklistsection} = 1;
@state = state_imatch( 'NEW,INVALID' ) if $config{BLACKLISTNEWONLY};
if ( $config{BLACKLISTNEWONLY} ) {
#
# Rather than add a 'NEW,INVALID' state match, we want to
# install the ACCEPT ESTABLISH,RELATED rule in the main chain
#
add_ijump( $chainref, j => 'ACCEPT', state_imatch( 'ESTABLISHED,RELATED' ) );
$chainref->{accepted} = 1;
}
add_ijump( $chainref, j => $blacklistref, @state ); add_ijump( $chainref, j => $blacklistref, @state );
} }