From 215c05d12b1af9121acbbdb7ffdc85d33c65bad0 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 27 Dec 2010 09:05:44 -0800 Subject: [PATCH] Add some comments -- fix logging with NAT actions --- Shorewall/Perl/Shorewall/Rules.pm | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 27ea41e93..bef5995a5 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -837,8 +837,22 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) { unless ( $inaction3 ) { fatal_error "An action may not invoke itself" if $basictarget eq $inaction1; if ( my $ref = use_action( $normalized_target ) ) { - process_action2( $normalized_target ) unless $actiontype & BUILTIN; - ensure_chain( 'nat', $ref->{name} ) if ( $actiontype = $targets{$basictarget} ) & NATRULE; + # + # First reference to this tupple + # + unless ( $actiontype & BUILTIN ) { + # + # Not a built-in - do preprocessing + # + process_action2( $normalized_target ); + # + # Preprocessing may determine that the chain or one of it's dependents does NAT. If so: + # + # - Refresh $actiontype + # - Create the associate nat table chain if appropriate. + # + ensure_chain( 'nat', $ref->{name} ) if ( $actiontype = $targets{$basictarget} ) & NATRULE; + } } } @@ -1105,7 +1119,7 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) { } } } elsif ( $actiontype & ACTION ) { - $target = $action; + $target = $usedactions{$normalized_target}->{name}; } else { if ( $server eq '' ) { fatal_error "A server and/or port must be specified in the DEST column in $action rules" unless $serverport;