holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Place sfilter jumps in the option chains

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-12-31 14:47:36 -08:00
parent 4b8fb130ba
commit 288c7b06dc
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -761,26 +761,22 @@ sub add_common_rules ( $ ) {
my @filters = @{$interfaceref->{filter}};
$chainref = $filter_table->{forward_chain $interface};
$chainref = $filter_table->{forward_option_chain $interface};
if ( @filters ) {
add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
$interfaceref->{options}{use_forward_chain} = 1;
} elsif ( $interfaceref->{bridge} eq $interface ) {
add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_dest_dev( $interface ), @ipsec ), $chainref->{filtered}++
unless( $config{ROUTE_FILTER} eq 'on' ||
$interfaceref->{options}{routeback} ||
$interfaceref->{options}{routefilter} ||
$interfaceref->{physical} eq '+' );
$interfaceref->{options}{use_forward_chain} = 1;
}
if ( @filters ) {
$chainref = $filter_table->{input_chain $interface};
$chainref = $filter_table->{input_option_chain $interface};
add_ijump( $chainref , g => $target, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
$interfaceref->{options}{use_input_chain} = 1;
}
for ( option_chains( $interface ) ) {