Add some comments in the policy chain creation/population logic

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@327 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-11-11 03:41:42 +00:00
parent 530b4ba457
commit 18a6aff46a

View File

@ -3330,7 +3330,7 @@ apply_policy_rules() {
run_iptables -I $chain 2 -p tcp --syn -j @$chain run_iptables -I $chain 2 -p tcp --syn -j @$chain
else else
# #
# A wild-card rule. Create the chain and add policy # The chain doesn't exist. Create the chain and add policy
# rules # rules
# #
# We must include the ESTABLISHED and RELATED state # We must include the ESTABLISHED and RELATED state
@ -3340,6 +3340,13 @@ apply_policy_rules() {
# #
createchain $chain createchain $chain
#
# If either client or server is 'all' then this MUST be
# a policy chain and we must apply the appropriate policy rules
#
# Otherwise, this is a canonical chain which will be handled in
# the for loop below
#
[ "$client" = "all" -o "$server" = "all" ] && \ [ "$client" = "all" -o "$server" = "all" ] && \
policy_rules $chain $policy $loglevel policy_rules $chain $policy $loglevel