holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix an old optimization bug

Browse Source
This commit is contained in:
Tom Eastep 2010-08-23 15:36:17 -07:00
parent fda426f500
commit 1e6f293c3c
1 changed files with 16 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -685,7 +685,7 @@ sub delete_jumps ( $$ ) {
# deleting elements from the array over which we are iterating. # deleting elements from the array over which we are iterating.
# #
for ( my $rule = 0; $rule <= $#{$rules}; $rule++ ) { for ( my $rule = 0; $rule <= $#{$rules}; $rule++ ) {
if ( $rules->[$rule] =~ / -[gj] ${to}\s*$/ ) { if ( $rules->[$rule] =~ / -[gj] ${to}( -m comment .*)?\s*$/ ) {
trace( $fromref, 'D', $rule + 1, $rules->[$rule] ) if $debug; trace( $fromref, 'D', $rule + 1, $rules->[$rule] ) if $debug;
splice( @$rules, $rule, 1 ); splice( @$rules, $rule, 1 );
last unless --$refs > 0; last unless --$refs > 0;
@ -3105,17 +3105,6 @@ sub expand_rule( $$$$$$$$$$;$ )
} elsif ( $disposition eq 'LOG' ) { } elsif ( $disposition eq 'LOG' ) {
fatal_error "LOG requires a level"; fatal_error "LOG requires a level";
} }
#
# Mark Target as referenced, if it's a chain
#
if ( $target =~ /-[jg]\s+([^\s]+)/ ) {
my $targetref = $chain_table{$chainref->{table}}{$1};
if ( $targetref ) {
$targetref->{referenced} = 1;
add_reference $chainref, $targetref;
}
}
# #
# Isolate Source Interface, if any # Isolate Source Interface, if any
# #
@ -3385,6 +3374,8 @@ sub expand_rule( $$$$$$$$$$;$ )
fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && ( $inets ne ALLIP || $iexcl || $trivialiexcl); fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && ( $inets ne ALLIP || $iexcl || $trivialiexcl);
fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && ( $dnets ne ALLIP || $dexcl || $trivialdexcl); fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && ( $dnets ne ALLIP || $dexcl || $trivialdexcl);
my $fromref;
if ( $iexcl || $dexcl || $oexcl ) { if ( $iexcl || $dexcl || $oexcl ) {
# #
# We have non-trivial exclusion -- need to create an exclusion chain # We have non-trivial exclusion -- need to create an exclusion chain
@ -3426,7 +3417,7 @@ sub expand_rule( $$$$$$$$$$;$ )
# #
# Generate Final Rule # Generate Final Rule
# #
add_rule( $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG'; add_rule( $fromref = $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG';
} else { } else {
# #
# No exclusions # No exclusions
@ -3466,7 +3457,7 @@ sub expand_rule( $$$$$$$$$$;$ )
'add', 'add',
$matches ); $matches );
add_rule( $chainref, $matches . $target, 1 ); add_rule( $fromref = $chainref, $matches . $target, 1 );
} }
} else { } else {
# #
@ -3487,12 +3478,22 @@ sub expand_rule( $$$$$$$$$$;$ )
# #
# No logging -- add the target rule with matches to the rule chain # No logging -- add the target rule with matches to the rule chain
# #
add_rule( $chainref, $matches . $target , 1 ); add_rule( $fromref = $chainref, $matches . $target , 1 );
} }
} }
} }
} }
} }
#
# Mark Target as referenced, if it's a chain
#
if ( $fromref && $target =~ /-[jg]\s+([^\s]+)/ ) {
my $targetref = $chain_table{$chainref->{table}}{$1};
if ( $targetref ) {
$targetref->{referenced} = 1;
add_reference $fromref, $targetref;
}
}
while ( @ends ) { while ( @ends ) {
decr_cmd_level $chainref; decr_cmd_level $chainref;