holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Don't allow accounting chains to be altered when OPTIMIZE_ACCOUNTING=No

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-04-09 21:44:44 -07:00
parent 74fdd97b14
commit 623e545f09
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -2201,7 +2201,7 @@ sub ensure_accounting_chain( $$$ )
$chainref->{restriction} = $restriction;
$chainref->{restricted} = NO_RESTRICT;
$chainref->{ipsec} = $ipsec;
$chainref->{optflags} |= DONT_OPTIMIZE unless $config{OPTIMIZE_ACCOUNTING};
$chainref->{optflags} |= ( DONT_OPTIMIZE | DONT_MOVE | DONT_DELETE ) unless $config{OPTIMIZE_ACCOUNTING};
unless ( $chain eq 'accounting' ) {
my $file = find_file $chain;
@ -2879,7 +2879,9 @@ sub optimize_level4( $$ ) {
# Last rule is a simple branch
my $targetref = $tableref->{$lastrule->{target}};
if ( $targetref && ( keys %{$targetref->{references}} < 2 || @{$targetref->{rules}} < 4 ) ) {
if ( $targetref &&
($targetref->{optflags} & DONT_MOVE) == 0 &&
( keys %{$targetref->{references}} < 2 || @{$targetref->{rules}} < 4 ) ) {
copy_rules( $targetref, $chainref );
$progress = 1;
}