forked from extern/shorewall_code
Change policy->{is_optional} to policy->{provisional}
Signed-off-by: Tom Eastep <teastep@ursa.(none)> git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9668 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
4d8137cb61
commit
70570c4a18
@ -167,7 +167,7 @@ our $VERSION = '4.3_7';
|
||||
# %chain_table { <table> => { <chain1> => { name => <chain name>
|
||||
# table => <table name>
|
||||
# is_policy => undef|1 -- if 1, this is a policy chain
|
||||
# is_optional => undef|1 -- See below.
|
||||
# provisional => undef|1 -- See below.
|
||||
# referenced => undef|1 -- If 1, will be written to the iptables-restore-input.
|
||||
# builtin => undef|1 -- If 1, one of Netfilter's built-in chains.
|
||||
# manual => undef|1 -- If 1, a manual chain.
|
||||
@ -191,8 +191,8 @@ our $VERSION = '4.3_7';
|
||||
# }
|
||||
# }
|
||||
#
|
||||
# 'is_optional' only applies to policy chains; when true, indicates that this is a provisional policy chain which might be
|
||||
# replaced. Policy chains created under the IMPLICIT_CONTINUE=Yes option are marked with is_optional == 1.
|
||||
# 'provisional' only applies to policy chains; when true, indicates that this is a provisional policy chain which might be
|
||||
# replaced. Policy chains created under the IMPLICIT_CONTINUE=Yes option are marked with provisional == 1.
|
||||
#
|
||||
# Only 'referenced' chains get written to the iptables-restore input.
|
||||
#
|
||||
|
@ -62,11 +62,11 @@ INIT {
|
||||
#
|
||||
sub convert_to_policy_chain($$$$$)
|
||||
{
|
||||
my ($chainref, $source, $dest, $policy, $optional ) = @_;
|
||||
my ($chainref, $source, $dest, $policy, $provisional ) = @_;
|
||||
|
||||
$chainref->{is_policy} = 1;
|
||||
$chainref->{policy} = $policy;
|
||||
$chainref->{is_optional} = $optional;
|
||||
$chainref->{provisional} = $provisional;
|
||||
$chainref->{policychain} = $chainref->{name};
|
||||
$chainref->{policypair} = [ $source, $dest ];
|
||||
}
|
||||
@ -282,8 +282,8 @@ sub validate_policy()
|
||||
$chainref = $filter_table->{$chain};
|
||||
|
||||
if ( $chainref->{is_policy} ) {
|
||||
if ( $chainref->{is_optional} ) {
|
||||
$chainref->{is_optional} = 0;
|
||||
if ( $chainref->{provisional} ) {
|
||||
$chainref->{provisional} = 0;
|
||||
$chainref->{policy} = $policy;
|
||||
} else {
|
||||
fatal_error qq(Policy "$client $server $policy" duplicates earlier policy "@{$chainref->{policypair}} $chainref->{policy}");
|
||||
@ -403,14 +403,14 @@ sub apply_policy_rules() {
|
||||
progress_message2 'Applying Policies...';
|
||||
|
||||
for my $chainref ( @policy_chains ) {
|
||||
my $policy = $chainref->{policy};
|
||||
my $loglevel = $chainref->{loglevel};
|
||||
my $optional = $chainref->{is_optional};
|
||||
my $default = $chainref->{default};
|
||||
my $name = $chainref->{name};
|
||||
my $policy = $chainref->{policy};
|
||||
my $loglevel = $chainref->{loglevel};
|
||||
my $provisional = $chainref->{provisional};
|
||||
my $default = $chainref->{default};
|
||||
my $name = $chainref->{name};
|
||||
|
||||
if ( $policy ne 'NONE' ) {
|
||||
if ( ! $chainref->{referenced} && ( ! $optional && $policy ne 'CONTINUE' ) ) {
|
||||
if ( ! $chainref->{referenced} && ( ! $provisional && $policy ne 'CONTINUE' ) ) {
|
||||
ensure_filter_chain $name, 1;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user