forked from extern/shorewall_code
Add some comments in the policy chain creation/population logic
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@327 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
530b4ba457
commit
18a6aff46a
@ -3330,7 +3330,7 @@ apply_policy_rules() {
|
|||||||
run_iptables -I $chain 2 -p tcp --syn -j @$chain
|
run_iptables -I $chain 2 -p tcp --syn -j @$chain
|
||||||
else
|
else
|
||||||
#
|
#
|
||||||
# A wild-card rule. Create the chain and add policy
|
# The chain doesn't exist. Create the chain and add policy
|
||||||
# rules
|
# rules
|
||||||
#
|
#
|
||||||
# We must include the ESTABLISHED and RELATED state
|
# We must include the ESTABLISHED and RELATED state
|
||||||
@ -3340,6 +3340,13 @@ apply_policy_rules() {
|
|||||||
#
|
#
|
||||||
createchain $chain
|
createchain $chain
|
||||||
|
|
||||||
|
#
|
||||||
|
# If either client or server is 'all' then this MUST be
|
||||||
|
# a policy chain and we must apply the appropriate policy rules
|
||||||
|
#
|
||||||
|
# Otherwise, this is a canonical chain which will be handled in
|
||||||
|
# the for loop below
|
||||||
|
#
|
||||||
[ "$client" = "all" -o "$server" = "all" ] && \
|
[ "$client" = "all" -o "$server" = "all" ] && \
|
||||||
policy_rules $chain $policy $loglevel
|
policy_rules $chain $policy $loglevel
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user