holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Ensure that exclusion chains have DONT_MOVE

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-06-27 18:06:38 -07:00
parent 41c7c8f923
commit 56d5ae2d41
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1059,6 +1059,7 @@ sub push_rule( $$ ) {
push @{$chainref->{rules}}, $ruleref;
$chainref->{referenced} = 1;
$chainref->{optflags} |= DONT_MOVE if ( $ruleref->{target} || '' ) eq 'RETURN';
trace( $chainref, 'A', @{$chainref->{rules}}, "-A $chainref->{name} $_[1]" ) if $debug;
$ruleref;
@ -1250,6 +1251,7 @@ sub push_irule( $$$;@ ) {
if ( $jump ) {
$ruleref->{jump} = $jump;
$ruleref->{target} = $target;
$chainref->{optflags} |= DONT_MOVE if $target eq 'RETURN';
$ruleref->{targetopts} = $targetopts if $targetopts;
} else {
$ruleref->{target} = '';
@ -6071,7 +6073,7 @@ sub handle_exclusion( $$$$$$$$$$$$$$$$$$ ) {
#
my $echain = newexclusionchain( $table );
my $echainref = new_chain $table, $echain;
my $echainref = dont_move new_chain $table, $echain;
#
# Use the current rule and send all possible matches to the exclusion chain
#