Add some comments in the policy chain creation/population logic

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@327 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-11 03:41:42 +00:00 · 2002-11-11 03:41:42 +00:00 · 18a6aff46a
commit 18a6aff46a
parent 530b4ba457
1 changed files with 8 additions and 1 deletions
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -3330,7 +3330,7 @@ apply_policy_rules() {
 		run_iptables -I $chain 2 -p tcp --syn -j @$chain
 	else
 	    #
-	    # A wild-card rule. Create the chain and add policy
+	    # The chain doesn't exist. Create the chain and add policy
 	    # rules
 	    #
 	    # We must include the ESTABLISHED and RELATED state
@ -3340,6 +3340,13 @@ apply_policy_rules() {
 	    #
 	    createchain $chain

+	    #
+	    # If either client or server is 'all' then this MUST be
+	    # a policy chain and we must apply the appropriate policy rules
+	    #
+	    # Otherwise, this is a canonical chain which will be handled in
+	    # the for loop below
+	    #
 	    [ "$client" = "all" -o "$server" = "all" ] && \
 		policy_rules $chain $policy $loglevel