forked from extern/shorewall_code
Ensure that move_rules doesn't crash in NONAT case
This commit is contained in:
parent
55045ace4b
commit
0204ea46a6
@ -73,6 +73,7 @@ our %EXPORT_TAGS = (
|
||||
|
||||
add_commands
|
||||
move_rules
|
||||
move_rules1
|
||||
insert_rule1
|
||||
purge_jump
|
||||
add_tunnel_rule
|
||||
@ -690,6 +691,29 @@ sub move_rules( $$ ) {
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Like above except it returns 0 if it can't move the rules
|
||||
#
|
||||
sub move_rules1( $$ ) {
|
||||
my ($chain1, $chain2 ) = @_;
|
||||
|
||||
if ( $chain1->{referenced} ) {
|
||||
my @rules = @{$chain1->{rules}};
|
||||
|
||||
for ( @rules ) {
|
||||
return 0 unless /^-A/;
|
||||
}
|
||||
|
||||
splice @{$chain2->{rules}}, 0, 0, @rules;
|
||||
|
||||
$chain2->{referenced} = 1;
|
||||
$chain1->{referenced} = 0;
|
||||
$chain1->{rules} = [];
|
||||
}
|
||||
|
||||
1;
|
||||
}
|
||||
|
||||
#
|
||||
# Transform the passed interface name into a legal shell variable name.
|
||||
#
|
||||
|
@ -1358,13 +1358,13 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
|
||||
#
|
||||
if ( $chn && ${$nonat_chain->{rules}}[-1] eq "-A -j $tgt" ) {
|
||||
#
|
||||
# It was -- delete that rule
|
||||
# It was -- delete that rule
|
||||
#
|
||||
pop @{$nonat_chain->{rules}};
|
||||
#
|
||||
# And move the rules from the nonat chain to the zone dnat chain
|
||||
#
|
||||
move_rules ( $chn, $nonat_chain );
|
||||
add_rule( $nonat_chain, "-j $tgt" ) unless move_rules ( $chn, $nonat_chain );
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user