From 6926bcdbb9fd1dd800092058f8ef34dfee20cb0c Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 29 Dec 2011 14:52:07 -0800 Subject: [PATCH] More refinements of the option chain stuff. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 13 ++++++++----- Shorewall/Perl/Shorewall/Misc.pm | 2 +- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 9024362b2..af1a37f20 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -5818,29 +5818,30 @@ sub add_interface_options( $ ) { for my $zone2 ( all_zones ) { my $chainref = $filter_table->{rules_chain( $zone1, $zone2 )}; + my $chain1ref; if ( zone_type( $zone2 ) & (FIREWALL | VSERVER ) ) { if ( @interfaces == 1 && copy_options( $interfaces[0] ) ) { - if ( my $chain1ref = $filter_table->{input_option_chain $interfaces[0]} ) { + if ( ( $chain1ref = $filter_table->{input_option_chain $interfaces[0]} ) && @{$chain1ref->{rules}} ) { copy_rules $chain1ref, $chainref, 1; $chainref->{referenced} = 1; } } else { for my $interface ( @interfaces ) { - if ( my $chain1ref = $filter_table->{forward_option_chain $interface} ) { + if ( ( $chain1ref = $filter_table->{forward_option_chain $interface} ) && @{$chain1ref->{rules}} ) { add_ijump ( $chainref , j => $chain1ref->{name}, @interfaces > 1 ? imatch_source_dev( $interface ) : () ); } } } } else { if ( @interfaces == 1 && copy_options( $interfaces[0] ) ) { - if ( my $chain1ref = $filter_table->{forward_option_chain $interfaces[0]} ) { + if ( ( $chain1ref = $filter_table->{forward_option_chain $interfaces[0]} ) && @{$chain1ref->{rules}} ) { copy_rules $chain1ref, $chainref, 1; $chainref->{referenced} = 1; } } else { for my $interface ( @interfaces ) { - if ( my $chain1ref = $filter_table->{forward_option_chain $interface} ) { + if ( ( $chain1ref = $filter_table->{forward_option_chain $interface} ) && @{$chain1ref->{rules}} ) { add_ijump ( $chainref , j => $chain1ref->{name}, @interfaces > 1 ? imatch_source_dev( $interface ) : () ); } } @@ -5853,9 +5854,11 @@ sub add_interface_options( $ ) { for my $zone2 ( off_firewall_zones ) { my $chainref = $filter_table->{rules_chain( $zone1, $zone2 )}; my @interfaces = keys %{zone_interfaces( $zone2 )}; + my $chain1ref; + for my $interface ( @interfaces ) { - if ( my $chain1ref = $filter_table->{output_option_chain $interface} ) { + if ( ( $chain1ref = $filter_table->{output_option_chain $interface} ) && @{$chain1ref->{rules}} ) { add_ijump ( $chainref , j => $chain1ref->{name}, @interfaces > 1 ? imatch_dest_dev( $interface ) : () ); } } diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index 477ef55b9..8ac248244 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm @@ -1164,7 +1164,7 @@ sub setup_mac_lists( $ ) { if ( $table eq 'filter' ) { my $chainref = source_exclusion( $hostref->[3], $filter_table->{mac_chain $interface} ); - for my $chain ( first_chains $interface ) { + for my $chain ( option_chains $interface ) { add_ijump $filter_table->{$chain} , j => $chainref, @source, @state, @policy; } } else {