Move more 4.2 changes to trunk

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9218 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-12-31 21:57:34 +00:00
parent 53bd365b46
commit f404b45b8f
2 changed files with 10 additions and 14 deletions


@ -782,13 +782,12 @@ sub generate_script_3($) {
emit '';
emit<<'EOF';
setup_routing_and_traffic_shaping
emit( 'setup_routing_and_traffic_shaping',
'',
'if [ $COMMAND = restore ]; then',
' iptables_save_file=${VARDIR}/$(basename $0)-iptables',
' if [ -f $iptables_save_file ]; then' );
if [ $COMMAND = restore ]; then
iptables_save_file=${VARDIR}/$(basename $0)-iptables
if [ -f $iptables_save_file ]; then
EOF
if ( $family == F_IPV4 ) {
emit ' cat $iptables_save_file | $IPTABLES_RESTORE # Use this nonsensical form to appease SELinux'
} else {
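Review bot: The shell emitted for the restore path expands `$0` and `$iptables_save_file` unquoted, so a VARDIR or script name containing whitespace or glob characters would make `[ -f ... ]` and the following `cat $iptables_save_file | $IPTABLES_RESTORE` act on something other than the intended save file, in a script that loads firewall rules. The +/- markers are lost on this page; going by the hunk header counts, the list-form `emit( ... )` looks like the new side, and it carries the heredoc text over unchanged. While these strings are being touched I would quote the expansions: `'iptables_save_file="${VARDIR}/$(basename "$0")-iptables"'` and `'if [ -f "$iptables_save_file" ]; then'`, keeping the original leading indentation inside each string. generate_script_3 continues outside this hunk, so the `cat` line and the `else` branch need the same quoting.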


@ -347,10 +347,10 @@ sub setup_blacklist() {
my $policy = $capabilities{POLICY_MATCH} ? "-m policy --pol $ipsec --dir in " : '';
my $network = $hostref->[2];
my $source = match_source_net $network;
my $target = source_exclusion( $hostref->[3], 'blacklst' );
my $target = source_exclusion( $hostref->[3], $chainref );
for my $chain ( first_chains $interface ) {
add_rule $filter_table->{$chain} , "${source}${state}${policy}-j $target";
add_jump $filter_table->{$chain} , $chainref, 0, "${source}${state}${policy}";
}
set_interface_option $interface, 'use_input_chain', 1;
@ -1759,7 +1759,7 @@ sub generate_matrix() {
add_jump( $outputref , $nextchain, 0, join('', $interfacematch, '-d 255.255.255.255 ' , $ipsec_out_match ) )
if $hostref->{options}{broadcast};
move_rules( $filter_table->{output_chain $interface} , $filter_table->{$nextchain} ) unless use_output_chain $interface;
move_rules( $filter_table->{output_chain $interface} , $filter_table->{$chain1} ) unless use_output_chain $interface;
}
clearrule;
@ -1792,11 +1792,8 @@ sub generate_matrix() {
}
if ( $chain2 ) {
my $nextchain = source_exclusion( $exclusions, $chain2 );
add_jump $inputchainref, $nextchain, 0, join( '', $interfacematch, $source, $ipsec_in_match );
move_rules( $filter_table->{input_chain $interface} , $filter_table->{$nextchain} ) unless use_input_chain $interface;
add_jump $inputchainref, source_exclusion( $exclusions, $chain2 ), 0, join( '', $interfacematch, $source, $ipsec_in_match );
move_rules( $filter_table->{input_chain $interface} , $filter_table->{$chain2} ) unless use_input_chain $interface;
}
if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) {
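Review bot: In the setup_blacklist hunk, `$target` is still assigned from `source_exclusion( $hostref->[3], $chainref )`, but the line that appears to be the new one jumps to `$chainref` rather than `$target`, so within the visible lines the value is never used. If source_exclusion returns a separate exclusion chain when the host entry carries exclusions (not visible here; inferred from the old `-j $target` rule), the jump bypasses that chain and excluded sources would still be sent through the blacklist chain. Unless `$target` is consumed further down, outside the hunk, I would write `add_jump $filter_table->{$chain} , $target, 0, "${source}${state}${policy}";`. The generate_matrix hunks show a related split, where the jump goes to the `source_exclusion` result while `move_rules` fills `$chain1` or `$chain2`; that deserves a comment saying the interface rules are meant to sit behind the exclusion chain. Which lines are old and which are new is inferred from the hunk header counts, because the page lost its +/- markers.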