From fbf73e1c34fec016b72e64c045d383384c452387 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 9 Apr 2007 17:34:20 +0000 Subject: [PATCH] Fix FASTACCEPT=Yes -- Take 3 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5876 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/Accounting.pm | 9 +++++++-- Shorewall-perl/Shorewall/Rules.pm | 6 ------ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/Shorewall-perl/Shorewall/Accounting.pm b/Shorewall-perl/Shorewall/Accounting.pm index d5206dbe5..2bc5bbbba 100644 --- a/Shorewall-perl/Shorewall/Accounting.pm +++ b/Shorewall-perl/Shorewall/Accounting.pm @@ -109,7 +109,7 @@ sub process_accounting_rule( $$$$$$$$ ) { } sub setup_accounting() { - + my $first_entry = 1; my $fn = open_file 'accounting'; @@ -127,8 +127,13 @@ sub setup_accounting() { } if ( $filter_table->{accounting} ) { - for my $chain qw/INPUT FORWARD OUTPUT/ { + for my $chain ( qw/INPUT FORWARD OUTPUT/ ) { insert_rule $filter_table->{$chain}, 1, '-j accounting'; + insert_rule $filter_table->{$chain}, 2, '-m state --state ESTABLISHED,RELATED -j ACCEPT' if $config{FASTACCEPT}; + } + } elsif ( $config{FASTACCEPT} ) { + for my $chain ( qw/INPUT FORWARD OUTPUT/ ) { + insert_rule $filter_table->{$chain}, 1, '-m state --state ESTABLISHED,RELATED -j ACCEPT'; } } } diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index 580df296e..2202267bc 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm @@ -1647,12 +1647,6 @@ sub generate_matrix() { nat=> [ qw/PREROUTING OUTPUT POSTROUTING/ ] , filter=> [ qw/INPUT FORWARD OUTPUT/ ] ); - if ( $config{FASTACCEPT} ) { - for my $chain ( @{$builtins{filter}} ) { - add_rule $filter_table->{$chain}, "-m state --state ESTABLISHED,RELATED -j ACCEPT"; - } - } - complete_standard_chain $filter_table->{INPUT} , 'all' , $firewall_zone; complete_standard_chain $filter_table->{OUTPUT} , $firewall_zone , 'all'; complete_standard_chain $filter_table->{FORWARD} , 'all' , 'all';