holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Don't create a zone forwarding chain for local zones

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2020-07-06 09:06:03 -07:00
parent 31844d22cd
commit 2f58d4e368
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -2288,12 +2288,15 @@ sub generate_matrix() {
# #
for my $zone ( @zones ) { for my $zone ( @zones ) {
my $zoneref = find_zone( $zone ); my $zoneref = find_zone( $zone );
unless ( $zoneref->{type} == LOCAL ) {
if ( @zones > 2 || $zoneref->{complex} ) { if ( @zones > 2 || $zoneref->{complex} ) {
handle_complex_zone( $zone, $zoneref ); handle_complex_zone( $zone, $zoneref );
} else { } else {
new_standard_chain zone_forward_chain( $zone ) if @zones > 1; new_standard_chain zone_forward_chain( $zone ) if @zones > 1;
} }
} }
}
# #
# Main source-zone matrix-generation loop # Main source-zone matrix-generation loop
# #

3
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -3986,9 +3986,8 @@ sub process_rules() {
# #
for my $zone ( @zones ) { for my $zone ( @zones ) {
my $zoneref = find_zone( $zone ); my $zoneref = find_zone( $zone );
my $simple = @zones <= 2 && ! $zoneref->{complex};
unless ( @zones <= 2 && ! $zoneref->{complex} ) { unless ( $zoneref->{type} == LOCAL || ( @zones <= 2 && ! $zoneref->{complex} ) ) {
# #
# Complex zone or we have more than one non-firewall zone -- create a zone forwarding chain # Complex zone or we have more than one non-firewall zone -- create a zone forwarding chain
# #