Move more 4.2 changes to trunk

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9218 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-12-31 21:57:34 +00:00
parent 53bd365b46
commit f404b45b8f
2 changed files with 10 additions and 14 deletions


@ -782,13 +782,12 @@ sub generate_script_3($) {
emit ''; emit '';
emit<<'EOF'; emit( 'setup_routing_and_traffic_shaping',
setup_routing_and_traffic_shaping '',
'if [ $COMMAND = restore ]; then',
' iptables_save_file=${VARDIR}/$(basename $0)-iptables',
' if [ -f $iptables_save_file ]; then' );
if [ $COMMAND = restore ]; then
iptables_save_file=${VARDIR}/$(basename $0)-iptables
if [ -f $iptables_save_file ]; then
EOF
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
emit ' cat $iptables_save_file | $IPTABLES_RESTORE # Use this nonsensical form to appease SELinux' emit ' cat $iptables_save_file | $IPTABLES_RESTORE # Use this nonsensical form to appease SELinux'
} else { } else {
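Review bot: The shell lines passed to the new `emit( ... )` list leave `$COMMAND`, `$(basename $0)` and `$iptables_save_file` unquoted, exactly as the old heredoc did. An empty `COMMAND` makes the `[` test a syntax error, and a script name or `VARDIR` containing whitespace or glob characters is word-split before the `-f` test and before the file reaches `$IPTABLES_RESTORE`. Since this conversion rewrites the lines anyway, I would emit them quoted: `'if [ "$COMMAND" = restore ]; then'`, `' iptables_save_file="${VARDIR}/$(basename "$0")-iptables"'`, `' if [ -f "$iptables_save_file" ]; then'`. The `cat $iptables_save_file | $IPTABLES_RESTORE` context line has the same unquoted expansion. The body of generate_script_3 starts and ends outside this hunk, so I cannot tell whether `COMMAND` is always set before this point.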


@ -347,10 +347,10 @@ sub setup_blacklist() {
my $policy = $capabilities{POLICY_MATCH} ? "-m policy --pol $ipsec --dir in " : ''; my $policy = $capabilities{POLICY_MATCH} ? "-m policy --pol $ipsec --dir in " : '';
my $network = $hostref->[2]; my $network = $hostref->[2];
my $source = match_source_net $network; my $source = match_source_net $network;
my $target = source_exclusion( $hostref->[3], 'blacklst' ); my $target = source_exclusion( $hostref->[3], $chainref );
for my $chain ( first_chains $interface ) { for my $chain ( first_chains $interface ) {
add_rule $filter_table->{$chain} , "${source}${state}${policy}-j $target"; add_jump $filter_table->{$chain} , $chainref, 0, "${source}${state}${policy}";
} }
set_interface_option $interface, 'use_input_chain', 1; set_interface_option $interface, 'use_input_chain', 1;
@ -1759,7 +1759,7 @@ sub generate_matrix() {
add_jump( $outputref , $nextchain, 0, join('', $interfacematch, '-d 255.255.255.255 ' , $ipsec_out_match ) ) add_jump( $outputref , $nextchain, 0, join('', $interfacematch, '-d 255.255.255.255 ' , $ipsec_out_match ) )
if $hostref->{options}{broadcast}; if $hostref->{options}{broadcast};
move_rules( $filter_table->{output_chain $interface} , $filter_table->{$nextchain} ) unless use_output_chain $interface; move_rules( $filter_table->{output_chain $interface} , $filter_table->{$chain1} ) unless use_output_chain $interface;
} }
clearrule; clearrule;
@ -1792,11 +1792,8 @@ sub generate_matrix() {
} }
if ( $chain2 ) { if ( $chain2 ) {
my $nextchain = source_exclusion( $exclusions, $chain2 ); add_jump $inputchainref, source_exclusion( $exclusions, $chain2 ), 0, join( '', $interfacematch, $source, $ipsec_in_match );
move_rules( $filter_table->{input_chain $interface} , $filter_table->{$chain2} ) unless use_input_chain $interface;
add_jump $inputchainref, $nextchain, 0, join( '', $interfacematch, $source, $ipsec_in_match );
move_rules( $filter_table->{input_chain $interface} , $filter_table->{$nextchain} ) unless use_input_chain $interface;
} }
if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) { if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) {
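Review bot: In the setup_blacklist hunk, `$target` is still assigned from `source_exclusion( $hostref->[3], $chainref )`, but what appears to be the new `add_jump` line passes `$chainref` as the destination, so `$target` is never used. If source_exclusion returns a separate chain when the host entry carries exclusions, that chain is never jumped to, and excluded sources go straight to the blacklist chain. That would be a silent change in filtering behaviour. The generate_matrix hunk further down passes the return value of source_exclusion directly to add_jump, so the same should work here: `add_jump $filter_table->{$chain} , $target, 0, "${source}${state}${policy}";`. The definitions of source_exclusion and add_jump are not visible on this page, so please confirm against them. setup_blacklist itself also extends beyond the hunk.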