Revert change that allowed out of order policies

Tom Eastep 2009-12-19 07:20:00 -08:00
parent 4bbbcc20dd
commit 10ae98571b
2 changed files with 2 additions and 15 deletions


@ -176,7 +176,6 @@ our $VERSION = '4.4_4';
# table => <table name>
# is_policy => undef|1 -- if 1, this is a policy chain
# provisional => undef|1 -- See below.
# expanded => undef|1 -- See below.
# referenced => undef|1 -- If 1, will be written to the iptables-restore-input.
# builtin => undef|1 -- If 1, one of Netfilter's built-in chains.
# manual => undef|1 -- If 1, a manual chain.
@ -201,9 +200,7 @@ our $VERSION = '4.4_4';
# }
#
# 'provisional' only applies to policy chains; when true, indicates that this is a provisional policy chain which might be
# replaced. Policy chains created under the IMPLICIT_CONTINUE=Yes option are marked with provisional == 1. Similarly,
# 'expanded' is set when a specific policy is established by a wildcard policy. Such policies are similar to provisional
# policies in that they can be superseded by a specific policy.
# replaced. Policy chains created under the IMPLICIT_CONTINUE=Yes option are marked with provisional == 1.
#
# Only 'referenced' chains get written to the iptables-restore input.
#


@ -107,7 +107,6 @@ sub set_policy_chain($$$$$)
$chainref1->{policychain} = $chainref->{name};
}
$chainref1->{expanded} = 1;
$chainref1->{policy} = $policy;
$chainref1->{policypair} = [ $source, $dest ];
}
@ -222,20 +221,11 @@ sub process_a_policy() {
if ( $chainref->{provisional} ) {
$chainref->{provisional} = 0;
$chainref->{policy} = $policy;
} elsif ( $chainref->{expanded} ) {
$chainref->{expanded} = 0;
$chainref->{policy} = $policy;
} else {
fatal_error qq(Policy "$client $server $policy" duplicates earlier policy "@{$chainref->{policypair}} $chainref->{policy}");
}
} elsif ( $chainref->{policy} ) {
if ( $chainref->{expanded} ) {
$chainref->{expanded} = 0;
convert_to_policy_chain( $chainref, $client, $server, $policy, 0 );
push @policy_chains, ( $chainref ) unless $config{EXPAND_POLICIES} && ( $clientwild || $serverwild );
} else {
fatal_error qq(Policy "$client $server $policy" duplicates earlier policy "@{$chainref->{policypair}} $chainref->{policy}");
}
fatal_error qq(Policy "$client $server $policy" duplicates earlier policy "@{$chainref->{policypair}} $chainref->{policy}");
} else {
convert_to_policy_chain( $chainref, $client, $server, $policy, 0 );
push @policy_chains, ( $chainref ) unless $config{EXPAND_POLICIES} && ( $clientwild || $serverwild );
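Review bot: The `fatal_error` that now stands alone in the `elsif ( $chainref->{policy} )` branch reports "duplicates earlier policy" even when the earlier policy was, as far as this section shows, assigned by `set_policy_chain` on behalf of a wildcard entry, so the operator is told about a duplicate when the likely cause is entry order. Aborting the compile is the safe outcome for a firewall ruleset, but the reason deserves a comment above that line, for example `# Policy already set by an earlier entry (possibly a wildcard); it is not overridden, so a specific policy must come before the wildcard that covers it.` The identical message string is also used in the `provisional` branch a few lines up and could be built once in a local variable. It is worth confirming that no other reader of `{expanded}` remains now that nothing visible here sets it. `process_a_policy` starts and ends outside this hunk.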