Some more fixes for blacklisting

2010-09-09 14:53:12 -07:00 · 2010-09-09 14:53:12 -07:00 · 69817007bf
commit 69817007bf
parent 50300a60b7
2 changed files with 5 additions and 4 deletions
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -323,7 +323,7 @@ sub setup_blacklist() {
 	    progress_message "  Type 1 blacklisting enabled on ${interface}:${network}";
 	}

-	if ( @{$chainref1->{rules}} ) {
+	if ( $chainref1 && @{$chainref1->{rules}} ) {
 	    for my $hostref ( @$hosts1 ) {
 		my $interface  = $hostref->[0];
 		my $ipsec      = $hostref->[1];
@ -1874,7 +1874,7 @@ sub generate_matrix() {
    my $fw = firewall_zone;
    my $notrackref = $raw_table->{notrack_chain $fw};
    my $state = $config{BLACKLISTNEWONLY} ? $globals{UNTRACKED} ? "$globals{STATEMATCH} NEW,INVALID,UNTRACKED " : "$globals{STATEMATCH} NEW,INVALID " : '';
-    my $blackout = @{$filter_table->{blackout}{rules}};
+    my $blackout = $filter_table->{blackout} && @{$filter_table->{blackout}{rules}};
    my @zones = off_firewall_zones;
    my @vservers = vserver_zones;
    my $interface_jumps_added = 0;
--- a/manpages/shorewall-interfaces.xml
+++ b/manpages/shorewall-interfaces.xml
@ -249,8 +249,9 @@ loc     eth2            -</programlisting>
                  </listitem>

                  <listitem>
-                    <para>Output blacklisting. Traffic entering on this
-                    interface is passed against the entries in <ulink
+                    <para>Output blacklisting. Forward traffic that entered
+                    through this interface is passed against the entries in
+                    <ulink
                    url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
                    that have the <emphasis role="bold">to</emphasis>
                    option.</para>