From f8b7815375da0918925621bc59491e78cb52b37c Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 4 Jul 2020 09:49:28 -0700 Subject: [PATCH] Call optimize_policy_chains() after doing other ruleset optimization - This insures that ACCEPT policy chains are optimized when EXPAND_POLICIES=No Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Compiler.pm | 20 ++++++++++---------- Shorewall/Perl/Shorewall/Config.pm | 4 ---- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index a9578106d..c2670bfd3 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -858,13 +858,13 @@ sub compiler { if ( ( my $optimize = $config{OPTIMIZE} ) & OPTIMIZE_MASK ) { progress_message2 'Optimizing Ruleset...'; # - # Optimize Policy Chains - # - optimize_policy_chains if ( $optimize & OPTIMIZE_POLICY_MASK2n4 ) == OPTIMIZE_POLICY_MASK; # Level 2 but not 4 - # - # More Optimization + # Optimize the ruleet # optimize_ruleset if $config{OPTIMIZE} & OPTIMIZE_RULESET_MASK; + # + # Optimize Policy Chains + # + optimize_policy_chains; } enable_script; @@ -928,16 +928,16 @@ sub compiler { optimize_level0; - if ( ( my $optimize = $config{OPTIMIZE} ) & 0x1e ) { + if ( ( my $optimize = $config{OPTIMIZE} ) & OPTIMIZE_MASK ) { progress_message2 'Optimizing Ruleset...'; # - # Optimize Policy Chains - # - optimize_policy_chains if ( $optimize & OPTIMIZE_POLICY_MASK2n4 ) == OPTIMIZE_POLICY_MASK; # Level 2 but not 4 - # # Ruleset Optimization # optimize_ruleset if $optimize & OPTIMIZE_RULESET_MASK; + # + # Optimize Policy Chains + # + optimize_policy_chains; } enable_script if $debug; diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index ceac0c6b8..e56aea638 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -310,8 +310,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script NORMAL_READ OPTIMIZE_MASK - OPTIMIZE_POLICY_MASK - OPTIMIZE_POLICY_MASK2n4 OPTIMIZE_RULESET_MASK OPTIMIZE_ALL ) , ] , @@ -554,8 +552,6 @@ use constant { # Optimization masks (OPTIMIZE option) # use constant { - OPTIMIZE_POLICY_MASK => 0x02 , # Call optimize_policy_chains() - OPTIMIZE_POLICY_MASK2n4 => 0x06 , OPTIMIZE_RULESET_MASK => 0x1C , # Call optimize_ruleset() OPTIMIZE_MASK => 0x1E , # Do optimizations beyond level 1 OPTIMIZE_ALL => 0x1F , # Maximum value for documented categories.