holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Always handle ESTABLISHED before the other connection states.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-01-27 10:56:41 -08:00
parent b1b2aa910e
commit 1b94c3651d
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -223,7 +223,7 @@ sub initialize( $ ) {
#
sub new_rules_chain( $ ) {
my $chainref = new_chain( 'filter', $_[0] );
$chainref->{sections} = {};
$chainref->{sections} = $config{FASTACCEPT} ? { RELATED => 1, ESTABLISHED => 1 } : {};
$chainref;
}
@ -901,7 +901,18 @@ sub finish_chain_section ($$$) {
last;
}
add_ijump( $chainref, g => $target, state_imatch $_ ) if $target;
if ( $target ) {
#
# Always handle ESTABLISHED first
#
if ( $state{ESTABLISHED} ) {
add_ijump( $chain1ref, j => 'ACCEPT', state_imatch 'ESTABLISHED' );
delete $state{ESTABLISHED};
}
add_ijump( $chainref, g => $target, state_imatch $_ );
}
delete $state{$_};
}
}