Move zone mss handling to the Rules File

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-03-12 15:59:35 -07:00
parent acb2e2a8ab
commit 01d99d4873
2 changed files with 14 additions and 6 deletions


@ -709,10 +709,6 @@ sub compiler {
# Proxy Arp/Ndp
#
setup_proxy_arp;
#
# Handle MSS settings in the zones file
#
setup_zone_mss;
if ( $scriptfilename || $debug ) {
emit 'return 0';


@ -2458,6 +2458,13 @@ sub process_rule ( ) {
progress_message qq( Rule "$thisline" $done);
}
sub intrazone_allowed( $$ ) {
my ( $zone, $zoneref ) = @_;
$zoneref->{options}{complex} &&
$filter_table->{rules_chain( $zone, $zone )}{policy} ne 'NONE';
}
#
# Add jumps to the blacklst and blackout chains
#
@ -2484,7 +2491,7 @@ sub classic_blacklist() {
my $ruleschain = rules_chain( $zone, $zone1 );
my $ruleschainref = $filter_table->{$ruleschain};
if ( ( $zone ne $zone1 || $ruleschainref->{referenced} ) && $ruleschainref->{policy} ne 'NONE' ) {
if ( $zone ne $zone1 || intrazone_allowed( $zone, $zoneref ) ) {
add_ijump( ensure_rules_chain( $ruleschain ), j => $blackref, @state );
}
}
@ -2501,7 +2508,7 @@ sub classic_blacklist() {
my $ruleschain = rules_chain( $zone1, $zone );
my $ruleschainref = $filter_table->{$ruleschain};
if ( ( $zone ne $zone1 || $ruleschainref->{referenced} ) && $ruleschainref->{policy} ne 'NONE' ) {
if ( ( $zone ne $zone1 || intrazone_allowed( $zone, $zoneref ) ) ) {
add_ijump( ensure_rules_chain( $ruleschain ), j => $blackref, @state );
}
}
@ -2568,6 +2575,11 @@ sub process_rules( $ ) {
add_interface_options( $blrules );
#
# Handle MSS settings in the zones file
#
setup_zone_mss;
$fn = open_file 'rules';
if ( $fn ) {
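Review bot: In both classic_blacklist hunks the new test `if ( $zone ne $zone1 || intrazone_allowed( $zone, $zoneref ) )` appears to drop the `$ruleschainref->{policy} ne 'NONE'` check for the inter-zone case, so a zone pair with a NONE policy would now get a blacklist jump and have its rules chain created by `ensure_rules_chain`, where the previous condition skipped it. If that is not intended, keep the policy test in the caller: `if ( $ruleschainref->{policy} ne 'NONE' && ( $zone ne $zone1 || intrazone_allowed( $zone, $zoneref ) ) ) {`. The new `intrazone_allowed` also swaps the old `{referenced}` test for `{options}{complex}` and reads `$filter_table->{...}{policy}` directly, which would autovivify an empty table entry and compare against undef if the intra-zone chain does not exist yet; it deserves a header comment stating that assumption. None of this is mentioned in the commit message, which covers only the MSS move, and the enclosing loops and the origin of `$zoneref` lie outside the hunks.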