forked from extern/shorewall_code
Add a comment explaining why avoiding creation of the blacklst chain
and branching to it is a bad idea. Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
f363825261
commit
9bb1caa4bc
@ -223,7 +223,10 @@ sub setup_blacklist() {
|
|||||||
my $chainref;
|
my $chainref;
|
||||||
my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
|
my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
|
||||||
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
|
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
|
||||||
|
#
|
||||||
|
# We go ahead and generate the blacklist chain and jump to it, even if it turns out to be empty. That is necessary
|
||||||
|
# for 'refresh' to work properly.
|
||||||
|
#
|
||||||
if ( @$hosts ) {
|
if ( @$hosts ) {
|
||||||
$chainref = new_standard_chain 'blacklst';
|
$chainref = new_standard_chain 'blacklst';
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user