forked from extern/shorewall_code
Ensure that exclusion chains have DONT_MOVE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
41c7c8f923
commit
56d5ae2d41
@ -1059,6 +1059,7 @@ sub push_rule( $$ ) {
|
|||||||
|
|
||||||
push @{$chainref->{rules}}, $ruleref;
|
push @{$chainref->{rules}}, $ruleref;
|
||||||
$chainref->{referenced} = 1;
|
$chainref->{referenced} = 1;
|
||||||
|
$chainref->{optflags} |= DONT_MOVE if ( $ruleref->{target} || '' ) eq 'RETURN';
|
||||||
trace( $chainref, 'A', @{$chainref->{rules}}, "-A $chainref->{name} $_[1]" ) if $debug;
|
trace( $chainref, 'A', @{$chainref->{rules}}, "-A $chainref->{name} $_[1]" ) if $debug;
|
||||||
|
|
||||||
$ruleref;
|
$ruleref;
|
||||||
@ -1250,6 +1251,7 @@ sub push_irule( $$$;@ ) {
|
|||||||
if ( $jump ) {
|
if ( $jump ) {
|
||||||
$ruleref->{jump} = $jump;
|
$ruleref->{jump} = $jump;
|
||||||
$ruleref->{target} = $target;
|
$ruleref->{target} = $target;
|
||||||
|
$chainref->{optflags} |= DONT_MOVE if $target eq 'RETURN';
|
||||||
$ruleref->{targetopts} = $targetopts if $targetopts;
|
$ruleref->{targetopts} = $targetopts if $targetopts;
|
||||||
} else {
|
} else {
|
||||||
$ruleref->{target} = '';
|
$ruleref->{target} = '';
|
||||||
@ -6071,7 +6073,7 @@ sub handle_exclusion( $$$$$$$$$$$$$$$$$$ ) {
|
|||||||
#
|
#
|
||||||
my $echain = newexclusionchain( $table );
|
my $echain = newexclusionchain( $table );
|
||||||
|
|
||||||
my $echainref = new_chain $table, $echain;
|
my $echainref = dont_move new_chain $table, $echain;
|
||||||
#
|
#
|
||||||
# Use the current rule and send all possible matches to the exclusion chain
|
# Use the current rule and send all possible matches to the exclusion chain
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user