From 10e2cb3751481cad8ca9a1a86c937217eecaea55 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 12 Mar 2008 22:34:21 +0000 Subject: [PATCH] Fix rule generation for '- ' entries in /etc/shorewall/interfaces git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8282 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/Chains.pm | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index 8553e0352..1394749e9 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -569,7 +569,7 @@ sub use_forward_chain($) { # # We must use the interfaces's chain if the interface is associated with multiple zone nets # - $interfaceref->{nets} != 1; + $interfaceref->{nets} > 1; } # @@ -593,10 +593,15 @@ sub zone_input_chain($) { sub use_input_chain($) { my $interface = $_[0]; my $interfaceref = find_interface($interface); + my $nets = $interfaceref->{nets}; # # We must use the interfaces's chain if the interface is associated with multiple zone nets # - return 1 if $interfaceref->{nets} != 1; + return 1 if $nets > 1; + # + # Don't need it if it isn't associated with any zone + # + return 0 unless $nets; # # Interface associated with a single zone -- use the zone's input chain if it has one # @@ -632,10 +637,15 @@ sub zone_output_chain($) { sub use_output_chain($) { my $interface = $_[0]; my $interfaceref = find_interface($interface); + my $nets = $interfaceref->{nets}; # # We must use the interfaces's chain if the interface is associated with multiple zone nets # - return 1 if $interfaceref->{nets} != 1; + return 1 if $nets > 1; + # + # Don't need it if it isn't associated with any zone + # + return 0 unless $nets; # # Interface associated with a single zone -- use the zone's output chain if it has one #