mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-20 21:30:44 +01:00
Don't create 'reject' and AUDIT' in the 'stopped' case.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
0287d96aa2
commit
fbfe7b9f93
@ -1542,8 +1542,9 @@ sub ensure_manual_chain($) {
|
|||||||
# Add all builtin chains to the chain table -- it is separate from initialize() because it depends on capabilities and configuration.
|
# Add all builtin chains to the chain table -- it is separate from initialize() because it depends on capabilities and configuration.
|
||||||
# The function also initializes the target table with the pre-defined targets available for the specfied address family.
|
# The function also initializes the target table with the pre-defined targets available for the specfied address family.
|
||||||
#
|
#
|
||||||
sub initialize_chain_table()
|
sub initialize_chain_table($) {
|
||||||
{
|
my $full = shift;
|
||||||
|
|
||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
#
|
#
|
||||||
# As new targets (Actions, Macros and Manual Chains) are discovered, they are added to the table
|
# As new targets (Actions, Macros and Manual Chains) are discovered, they are added to the table
|
||||||
@ -1638,11 +1639,13 @@ sub initialize_chain_table()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
if ( $full ) {
|
||||||
# Create these chains early in case they are needed by Policy actions
|
#
|
||||||
#
|
# Create these chains early in case they are needed by Policy actions
|
||||||
dont_delete new_standard_chain 'AUDIT', 0 if $config{FAKE_AUDIT};
|
#
|
||||||
dont_move new_standard_chain 'reject';
|
dont_delete new_standard_chain 'AUDIT', 0 if $config{FAKE_AUDIT};
|
||||||
|
dont_move new_standard_chain 'reject';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -610,7 +610,7 @@ sub compiler {
|
|||||||
# Chain table initialization depends on shorewall.conf and capabilities. So it must be deferred until
|
# Chain table initialization depends on shorewall.conf and capabilities. So it must be deferred until
|
||||||
# shorewall.conf has been processed and the capabilities have been determined.
|
# shorewall.conf has been processed and the capabilities have been determined.
|
||||||
#
|
#
|
||||||
initialize_chain_table;
|
initialize_chain_table(1);
|
||||||
|
|
||||||
#
|
#
|
||||||
# Allow user to load Perl modules
|
# Allow user to load Perl modules
|
||||||
@ -817,7 +817,7 @@ sub compiler {
|
|||||||
# for stopping the firewall
|
# for stopping the firewall
|
||||||
#
|
#
|
||||||
Shorewall::Chains::initialize( $family, 0 , $export );
|
Shorewall::Chains::initialize( $family, 0 , $export );
|
||||||
initialize_chain_table;
|
initialize_chain_table(0);
|
||||||
#
|
#
|
||||||
# S T O P _ F I R E W A L L
|
# S T O P _ F I R E W A L L
|
||||||
# (Writes the stop_firewall() function to the compiled script)
|
# (Writes the stop_firewall() function to the compiled script)
|
||||||
@ -881,7 +881,7 @@ sub compiler {
|
|||||||
# environment that it would when called by compile_stop_firewall().
|
# environment that it would when called by compile_stop_firewall().
|
||||||
#
|
#
|
||||||
Shorewall::Chains::initialize( $family , 0 , $export );
|
Shorewall::Chains::initialize( $family , 0 , $export );
|
||||||
initialize_chain_table;
|
initialize_chain_table(0);
|
||||||
|
|
||||||
if ( $debug ) {
|
if ( $debug ) {
|
||||||
compile_stop_firewall( $test, $export );
|
compile_stop_firewall( $test, $export );
|
||||||
|
Loading…
Reference in New Issue
Block a user