forked from extern/shorewall_code
Move merge_rules() back to where it was.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
6300d6cbfc
commit
703bc88bfd
@ -786,10 +786,51 @@ sub format_rule( $$;$ ) {
|
||||
$rule;
|
||||
}
|
||||
|
||||
#
|
||||
# Merge two rules.
|
||||
#
|
||||
sub merge_rules( $$$ ) {
|
||||
my ( $tableref, $toref, $fromref ) = @_;
|
||||
|
||||
my $target = $fromref->{target};
|
||||
#
|
||||
# Since the 'to' rule is a jump to a chain containing the 'from' rule, we
|
||||
# assume that common unique option values are compatible (such as 'tcp' and
|
||||
# 'tcp ! syn').
|
||||
#
|
||||
for my $option ( @unique_options ) {
|
||||
$toref->{$option} = $fromref->{$option} if exists $fromref->{$option};
|
||||
}
|
||||
|
||||
for my $option ( grep ! $opttype{$_}, keys %$fromref ) {
|
||||
set_rule_option( $toref, $option, $fromref->{$option} );
|
||||
}
|
||||
|
||||
unless ( $toref->{state} ) {
|
||||
set_rule_option ( $toref, 'state', $fromref->{state} ) if $fromref->{state};
|
||||
}
|
||||
|
||||
set_rule_option( $toref, 'policy', $fromref->{policy} ) if exists $fromref->{policy};
|
||||
|
||||
|
||||
unless ( $toref->{comment} ) {
|
||||
$toref->{comment} = $fromref->{comment} if exists $fromref->{comment};
|
||||
}
|
||||
|
||||
$toref->{target} = $target;
|
||||
|
||||
if ( my $targetref = $tableref->{$target} ) {
|
||||
return $targetref;
|
||||
} else {
|
||||
$toref->{targetopts} = $fromref->{targetopts} if $fromref->{targetopts};
|
||||
$toref->{jump} = 'j';
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Trace a change to the chain table
|
||||
#
|
||||
|
||||
sub trace( $$$$ ) {
|
||||
my ($chainref, $action, $rulenum, $message) = @_;
|
||||
|
||||
@ -2341,48 +2382,6 @@ sub replace_references( $$$ ) {
|
||||
delete_chain $chainref;
|
||||
}
|
||||
|
||||
#
|
||||
# Merge two rules.
|
||||
#
|
||||
sub merge_rules( $$$ ) {
|
||||
my ( $tableref, $toref, $fromref ) = @_;
|
||||
|
||||
my $target = $fromref->{target};
|
||||
#
|
||||
# Since the 'to' rule is a jump to a chain containing the 'from' rule, we
|
||||
# assume that common unique option values are compatible (such as 'tcp' and
|
||||
# 'tcp ! syn').
|
||||
#
|
||||
for my $option ( @unique_options ) {
|
||||
$toref->{$option} = $fromref->{$option} if exists $fromref->{$option};
|
||||
}
|
||||
|
||||
for my $option ( grep ! $opttype{$_}, keys %$fromref ) {
|
||||
set_rule_option( $toref, $option, $fromref->{$option} );
|
||||
}
|
||||
|
||||
unless ( $toref->{state} ) {
|
||||
set_rule_option ( $toref, 'state', $fromref->{state} ) if $fromref->{state};
|
||||
}
|
||||
|
||||
set_rule_option( $toref, 'policy', $fromref->{policy} ) if exists $fromref->{policy};
|
||||
|
||||
|
||||
unless ( $toref->{comment} ) {
|
||||
$toref->{comment} = $fromref->{comment} if exists $fromref->{comment};
|
||||
}
|
||||
|
||||
$toref->{target} = $target;
|
||||
|
||||
if ( my $targetref = $tableref->{$target} ) {
|
||||
return $targetref;
|
||||
} else {
|
||||
$toref->{targetopts} = $fromref->{targetopts} if $fromref->{targetopts};
|
||||
$toref->{jump} = 'j';
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Replace jumps to the passed chain with jumps to the target of the passed rule while merging
|
||||
# options and matches
|
||||
|
||||
Loading…
Reference in New Issue
Block a user