holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

More fixes to optimization

Browse Source 
Only disallow / ! -[piosd] / if the target is a chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-05-01 08:58:41 -07:00
parent 5456c9fba3
commit 311372013d
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1752,9 +1752,9 @@ sub optimize_ruleset() {
# #
# Not so easy -- the rule contains matches # Not so easy -- the rule contains matches
# #
my ($target, $matches ) = ( $1, $2 ); my ($matches, $target ) = ( $1, $2 );
if ( $chainref->{builtin} || ! have_capability 'KLUDGEFREE' || $matches =~ /! -[piosd] / ) { if ( $chainref->{builtin} || ! have_capability 'KLUDGEFREE' || ( defined( $chain_table{$chainref->{table}}{$target} ) && $matches =~ /! -[piosd] / ) ) {
# #
# This case requires a new rule merging algorithm. Ignore this chain for # This case requires a new rule merging algorithm. Ignore this chain for
# now. # now.
@ -1762,9 +1762,9 @@ sub optimize_ruleset() {
$chainref->{dont_optimize} = 1; $chainref->{dont_optimize} = 1;
} else { } else {
# #
# Replace references to this chain with the target and add the predicates # Replace references to this chain with the target and add the matches
# #
replace_references1 $chainref, $matches, $target; replace_references1 $chainref, $target, $matches;
$progress = 1; $progress = 1;
} }
} }