holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Deimplement OPTIMIZE_USE_FIRST

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2018-01-24 10:52:04 -08:00
parent 9796c58eb2
commit 070a67d665
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 1 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -2301,8 +2301,6 @@ sub use_forward_chain($$) {
my $interfaceref = find_interface($interface); my $interfaceref = find_interface($interface);
my $nets = $interfaceref->{nets}; my $nets = $interfaceref->{nets};
return 1 if @{$chainref->{rules}} && ( $config{OPTIMIZE} & OPTIMIZE_USE_FIRST );
# #
# Use it if we already have jumps to it # Use it if we already have jumps to it
# #
@ -2377,8 +2375,6 @@ sub use_input_chain($$) {
my ( $interface, $chainref ) = @_; my ( $interface, $chainref ) = @_;
my $interfaceref = find_interface($interface); my $interfaceref = find_interface($interface);
my $nets = $interfaceref->{nets}; my $nets = $interfaceref->{nets};
return 1 if @{$chainref->{rules}} && ( $config{OPTIMIZE} & OPTIMIZE_USE_FIRST );
# #
# We must use the interfaces's chain if the interface is associated with multiple Zones # We must use the interfaces's chain if the interface is associated with multiple Zones
# #
@ -2458,8 +2454,6 @@ sub use_output_chain($$) {
my ( $interface, $chainref) = @_; my ( $interface, $chainref) = @_;
my $interfaceref = find_interface($interface); my $interfaceref = find_interface($interface);
my $nets = $interfaceref->{nets}; my $nets = $interfaceref->{nets};
return 1 if @{$chainref->{rules}} && ( $config{OPTIMIZE} & OPTIMIZE_USE_FIRST );
# #
# We must use the interfaces's chain if the interface is associated with multiple Zones # We must use the interfaces's chain if the interface is associated with multiple Zones
# #

5
Shorewall/Perl/Shorewall/Config.pm
View File

@ -306,7 +306,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
OPTIMIZE_POLICY_MASK OPTIMIZE_POLICY_MASK
OPTIMIZE_POLICY_MASK2n4 OPTIMIZE_POLICY_MASK2n4
OPTIMIZE_RULESET_MASK OPTIMIZE_RULESET_MASK
OPTIMIZE_USE_FIRST
OPTIMIZE_ALL OPTIMIZE_ALL
) , ] , ) , ] ,
protocols => [ qw ( protocols => [ qw (
@ -547,8 +546,6 @@ use constant {
OPTIMIZE_RULESET_MASK => 0x1C , # Call optimize_ruleset() OPTIMIZE_RULESET_MASK => 0x1C , # Call optimize_ruleset()
OPTIMIZE_MASK => 0x1E , # Do optimizations beyond level 1 OPTIMIZE_MASK => 0x1E , # Do optimizations beyond level 1
OPTIMIZE_ALL => 0x1F , # Maximum value for documented categories. OPTIMIZE_ALL => 0x1F , # Maximum value for documented categories.
OPTIMIZE_USE_FIRST => 0x1000 # Always use interface 'first' chains -- undocumented
}; };
our %helpers = ( amanda => UDP, our %helpers = ( amanda => UDP,
@ -6879,7 +6876,7 @@ sub get_configuration( $$$$ ) {
} else { } else {
$val = numeric_value $config{OPTIMIZE}; $val = numeric_value $config{OPTIMIZE};
fatal_error "Invalid OPTIMIZE value ($config{OPTIMIZE})" unless supplied( $val ) && $val >= 0 && ( $val & ~OPTIMIZE_USE_FIRST ) <= OPTIMIZE_ALL; fatal_error "Invalid OPTIMIZE value ($config{OPTIMIZE})" unless supplied( $val ) && $val >= 0 && $val <= OPTIMIZE_ALL;
} }
require_capability 'XMULTIPORT', 'OPTIMIZE level 16', 's' if $val & 16; require_capability 'XMULTIPORT', 'OPTIMIZE level 16', 's' if $val & 16;