holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Disallow move_rules() calls when source chain has embedded commands

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8132 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-02-01 22:53:05 +00:00
parent 8b7e84a807
commit 82e525d0f5
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Shorewall-perl/Shorewall/Chains.pm
View File

@ -496,13 +496,22 @@ sub insert_rule($$$)
#
# Move the rules from one chain to another
#
# The rules generated by interface options are added to the interfaces's input chain and
# forward chain. Shorewall::Rules::generate_matrix() may decide to move those rules to
# a zone-oriented chain, hence this function.
#
# The source chain must not have any run-time code included in its rules.
#
sub move_rules( $$ ) {
my ($chain1, $chain2 ) = @_;
if ( $chain1->{referenced} ) {
my @rules = @{$chain1->{rules}};
s/ $chain1->{name} / $chain2->{name} / for @rules;
for ( @rules ) {
fatal_error "Internal Error in move_rules()" unless /^-A/;
s/ $chain1->{name} / $chain2->{name} /;
}
splice @{$chain2->{rules}}, 0, 0, @rules;