Avoid regression in fixing syn flood chain names

2010-11-22 14:34:58 -08:00 · 2010-11-22 14:34:58 -08:00 · 70453f2648
commit 70453f2648
parent f2f2ef713d
1 changed files with 4 additions and 1 deletions
--- a/Shorewall/Perl/Shorewall/Policy.pm
+++ b/Shorewall/Perl/Shorewall/Policy.pm
@ -491,11 +491,14 @@ sub complete_standard_chain ( $$$$ ) {
 # Create and populate the synflood chains corresponding to entries in /etc/shorewall/policy
 #
 sub setup_syn_flood_chains() {
+    my @zones = ( non_firewall_zones );
    for my $chainref ( @policy_chains ) {
 	my $limit = $chainref->{synparams};
 	if ( $limit && ! $filter_table->{syn_flood_chain $chainref} ) {
 	    my $level = $chainref->{loglevel};
-	    my $synchainref = new_chain( 'filter' , '@' . $chainref->{name} );
+	    my $synchainref = @zones > 1 ? 
+		    new_chain 'filter' , syn_flood_chain $chainref :
+		    new_chain( 'filter' , '@' . $chainref->{name} );
 	    add_rule $synchainref , "${limit}-j RETURN";
 	    log_rule_limit( $level ,
 			    $synchainref ,