holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Ensure that move_rules doesn't crash in NONAT case

Browse Source
This commit is contained in:
Tom Eastep 2009-07-16 15:59:59 -07:00
parent 55045ace4b
commit 0204ea46a6
2 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -73,6 +73,7 @@ our %EXPORT_TAGS = (
add_commands add_commands
move_rules move_rules
move_rules1
insert_rule1 insert_rule1
purge_jump purge_jump
add_tunnel_rule add_tunnel_rule
@ -690,6 +691,29 @@ sub move_rules( $$ ) {
} }
} }
#
# Like above except it returns 0 if it can't move the rules
#
sub move_rules1( $$ ) {
my ($chain1, $chain2 ) = @_;
if ( $chain1->{referenced} ) {
my @rules = @{$chain1->{rules}};
for ( @rules ) {
return 0 unless /^-A/;
}
splice @{$chain2->{rules}}, 0, 0, @rules;
$chain2->{referenced} = 1;
$chain1->{referenced} = 0;
$chain1->{rules} = [];
}
1;
}
# #
# Transform the passed interface name into a legal shell variable name. # Transform the passed interface name into a legal shell variable name.
# #

4
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1358,13 +1358,13 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
# #
if ( $chn && ${$nonat_chain->{rules}}[-1] eq "-A -j $tgt" ) { if ( $chn && ${$nonat_chain->{rules}}[-1] eq "-A -j $tgt" ) {
# #
# It was -- delete that rule # It was -- delete that rule
# #
pop @{$nonat_chain->{rules}}; pop @{$nonat_chain->{rules}};
# #
# And move the rules from the nonat chain to the zone dnat chain # And move the rules from the nonat chain to the zone dnat chain
# #
move_rules ( $chn, $nonat_chain ); add_rule( $nonat_chain, "-j $tgt" ) unless move_rules ( $chn, $nonat_chain );
} }
} }