Correct handling of MACLIST_DISPOSITION=A_xxx when MACLIST_TABLE=mangle

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-04-09 09:37:12 -07:00
parent 50494f667c
commit 273f109daf
2 changed files with 6 additions and 4 deletions

View File

@ -2520,15 +2520,15 @@ sub ensure_audit_blacklog_chain( $$$ ) {
# Create and populate the passed AUDIT chain if it doesn't exist. Return chain name
#
sub ensure_audit_chain( $;$$ ) {
my ( $target, $action, $tgt ) = @_;
sub ensure_audit_chain( $;$$$ ) {
my ( $target, $action, $tgt, $table ) = @_;
my $save_comment = push_comment;
my $ref = $filter_table->{$target};
unless ( $ref ) {
$ref = new_chain 'filter', $target;
$ref = new_chain( $table || 'filter', $target );
unless ( $action ) {
$action = $target;

View File

@ -1165,7 +1165,7 @@ sub setup_mac_lists( $ ) {
my $target = $globals{MACLIST_TARGET};
my $level = $config{MACLIST_LOG_LEVEL};
my $disposition = $config{MACLIST_DISPOSITION};
my $audit = $disposition =~ /^A_/;
my $audit = $disposition =~ s/^A_//;
my $ttl = $config{MACLIST_TTL};
progress_message2 "$doing MAC Filtration -- Phase $phase...";
@ -1281,6 +1281,8 @@ sub setup_mac_lists( $ ) {
#
# Phase II
#
ensure_audit_chain( $target, $disposition, undef, $table ) if $audit;
for my $interface ( @maclist_interfaces ) {
my $chainref = $chain_table{$table}{( $ttl ? macrecent_target $interface : mac_chain $interface )};
my $chain = $chainref->{name};