Don't create 'reject' and AUDIT' in the 'stopped' case.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-12-18 20:30:43 +01:00 · 2011-05-26 14:11:36 -07:00 · 2011-05-26 14:11:36 -07:00 · fbfe7b9f93
commit fbfe7b9f93
parent 0287d96aa2
2 changed files with 13 additions and 10 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -1542,8 +1542,9 @@ sub ensure_manual_chain($) {
 # Add all builtin chains to the chain table -- it is separate from initialize() because it depends on capabilities and configuration.
 # The function also initializes the target table with the pre-defined targets available for the specfied address family.
 #
-sub initialize_chain_table()
-{
+sub initialize_chain_table($) {
+    my $full = shift;
+
    if ( $family == F_IPV4 ) {
 	#
 	#   As new targets (Actions, Macros and Manual Chains) are discovered, they are added to the table
@ -1638,11 +1639,13 @@ sub initialize_chain_table()
 	}
    }

-    #
-    # Create these chains early in case they are needed by Policy actions
-    #
-    dont_delete new_standard_chain 'AUDIT', 0 if $config{FAKE_AUDIT};
-    dont_move   new_standard_chain 'reject';
+    if ( $full ) {
+	#
+	# Create these chains early in case they are needed by Policy actions
+	#
+	dont_delete new_standard_chain 'AUDIT', 0 if $config{FAKE_AUDIT};
+	dont_move   new_standard_chain 'reject';
+    }
 }

 #
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@ -610,7 +610,7 @@ sub compiler {
    # Chain table initialization depends on shorewall.conf and capabilities. So it must be deferred until
    # shorewall.conf has been processed and the capabilities have been determined.
    #
-    initialize_chain_table;
+    initialize_chain_table(1);

    #
    # Allow user to load Perl modules
@ -817,7 +817,7 @@ sub compiler {
 	# for stopping the firewall
 	#
 	Shorewall::Chains::initialize( $family, 0 , $export );
-	initialize_chain_table;
+	initialize_chain_table(0);
 	#
 	#                           S T O P _ F I R E W A L L
 	#         (Writes the stop_firewall() function to the compiled script)
@ -881,7 +881,7 @@ sub compiler {
 	# environment that it would when called by compile_stop_firewall().
 	#
 	Shorewall::Chains::initialize( $family , 0 , $export );
-	initialize_chain_table;
+	initialize_chain_table(0);

 	if ( $debug ) {
 	    compile_stop_firewall( $test, $export );