Ensure that exclusion chains have DONT_MOVE

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-06-27 18:06:38 -07:00
parent 41c7c8f923
commit 56d5ae2d41

View File

@ -1059,6 +1059,7 @@ sub push_rule( $$ ) {
push @{$chainref->{rules}}, $ruleref; push @{$chainref->{rules}}, $ruleref;
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
$chainref->{optflags} |= DONT_MOVE if ( $ruleref->{target} || '' ) eq 'RETURN';
trace( $chainref, 'A', @{$chainref->{rules}}, "-A $chainref->{name} $_[1]" ) if $debug; trace( $chainref, 'A', @{$chainref->{rules}}, "-A $chainref->{name} $_[1]" ) if $debug;
$ruleref; $ruleref;
@ -1250,6 +1251,7 @@ sub push_irule( $$$;@ ) {
if ( $jump ) { if ( $jump ) {
$ruleref->{jump} = $jump; $ruleref->{jump} = $jump;
$ruleref->{target} = $target; $ruleref->{target} = $target;
$chainref->{optflags} |= DONT_MOVE if $target eq 'RETURN';
$ruleref->{targetopts} = $targetopts if $targetopts; $ruleref->{targetopts} = $targetopts if $targetopts;
} else { } else {
$ruleref->{target} = ''; $ruleref->{target} = '';
@ -6071,7 +6073,7 @@ sub handle_exclusion( $$$$$$$$$$$$$$$$$$ ) {
# #
my $echain = newexclusionchain( $table ); my $echain = newexclusionchain( $table );
my $echainref = new_chain $table, $echain; my $echainref = dont_move new_chain $table, $echain;
# #
# Use the current rule and send all possible matches to the exclusion chain # Use the current rule and send all possible matches to the exclusion chain
# #