forked from extern/shorewall_code
Always handle ESTABLISHED before the other connection states.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
b1b2aa910e
commit
1b94c3651d
@ -223,7 +223,7 @@ sub initialize( $ ) {
|
|||||||
#
|
#
|
||||||
sub new_rules_chain( $ ) {
|
sub new_rules_chain( $ ) {
|
||||||
my $chainref = new_chain( 'filter', $_[0] );
|
my $chainref = new_chain( 'filter', $_[0] );
|
||||||
$chainref->{sections} = {};
|
$chainref->{sections} = $config{FASTACCEPT} ? { RELATED => 1, ESTABLISHED => 1 } : {};
|
||||||
$chainref;
|
$chainref;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -901,7 +901,18 @@ sub finish_chain_section ($$$) {
|
|||||||
last;
|
last;
|
||||||
}
|
}
|
||||||
|
|
||||||
add_ijump( $chainref, g => $target, state_imatch $_ ) if $target;
|
if ( $target ) {
|
||||||
|
#
|
||||||
|
# Always handle ESTABLISHED first
|
||||||
|
#
|
||||||
|
if ( $state{ESTABLISHED} ) {
|
||||||
|
add_ijump( $chain1ref, j => 'ACCEPT', state_imatch 'ESTABLISHED' );
|
||||||
|
delete $state{ESTABLISHED};
|
||||||
|
}
|
||||||
|
|
||||||
|
add_ijump( $chainref, g => $target, state_imatch $_ );
|
||||||
|
}
|
||||||
|
|
||||||
delete $state{$_};
|
delete $state{$_};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user