diff --git a/Shorewall/compiler b/Shorewall/compiler
index c0ec4e0d5..ae9a822bb 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -4077,35 +4077,19 @@ activate_rules()
 run_iptables -A $2 -j ${1}_dyn
 }
 #
- # Add a set of exclusions at the end of a nat chain
- #
- add_nat_exclusions() # $1 = chain name $2 - $n = exclusions
- {
- local c=$1 num=0
-
- shift
-
- for host in $*; do
- interface=${host%%:*}
- networks=${host#*:}
- num=$(($num + 1))
- run_iptables -t nat -I $c $num -i $interface -s $networks -j RETURN
- done
- }
- #
 # Insert a set of exclusions at the front of a chain
 #
- insert_exclusions() # $1 = chain name, $2 - $n = exclusions
+ insert_exclusions() # $1 = table $2 = chain name, $3 - $n = exclusions
 {
- local c=$1 num=0
+ local t=$1 c=$2 num=0
 
- shift
+ shift 2
 
 for host1 in $*; do
 interface1=${host1%%:*}
 networks1=${host1#*:}
 num=$(($num + 1))
- run_iptables -I $c $num -o $interface1 -d $networks1 -j RETURN
+ run_iptables -t $t -I $c $num -o $interface1 -d $networks1 -j RETURN
 done
 }
 #
@@ -4213,7 +4197,7 @@ activate_rules()
 frwd_chain=${zone}_frwd
 chain=$(dnat_chain $zone)
 if havenatchain $chain; then
- add_nat_exclusions $chain $exclusions
+ insert_exclusions nat $chain $exclusions
 fi
 fi
 
@@ -4310,20 +4294,20 @@ activate_rules()
 all2$zone1)
 if eval test -z \"\$${chain}_exclusions\"; then
 eval ${chain}_exclusions=Yes
- insert_exclusions $chain $exclusions1
+ insert_exclusions filter $chain $exclusions1
 fi
 ;;
 *2all)
 chain1=${chain}_${zone1}_ex
 if ! havechain $chain1; then
 createchain $chain1 no
- insert_exclusions $chain1 $exclusions1
+ insert_exclusions filter $chain1 $exclusions1
 run_iptables -A $chain1 -j $chain
 chain=$chain1
 fi
 ;;
 *)
- insert_exclusions $chain $exclusions1
+ insert_exclusions filter $chain $exclusions1
 ;;
 esac
 fi
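Review bot: Folding add_nat_exclusions into insert_exclusions changes what the nat exclusion rules match, not only which table they are written to: the removed helper emitted `-i $interface -s $networks -j RETURN`, while insert_exclusions always emits `-o $interface1 -d $networks1`. The call in the second hunk, `insert_exclusions nat $chain $exclusions`, therefore installs output-interface/destination matches in the chain returned by dnat_chain. If that chain is reached from PREROUTING, where no output interface is known yet, the RETURN rules would presumably never match and excluded hosts would be DNATed like the rest of the zone. Either keep a source-side variant for the nat caller or give insert_exclusions a direction argument that selects `-i`/`-s` versus `-o`/`-d`, and record that choice in its header comment. The enclosing activate_rules function extends beyond these hunks, so how the dnat chain is wired in cannot be confirmed from here.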