Don't create classic blacklist chains if no blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
89289f95ba
commit
a223245c01
@ -204,6 +204,9 @@ sub setup_blacklist() {
|
|||||||
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
|
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
|
||||||
my $orig_target = $target;
|
my $orig_target = $target;
|
||||||
|
|
||||||
|
BLACKLIST:
|
||||||
|
{
|
||||||
|
if ( my $fn = open_file 'blacklist' ) {
|
||||||
#
|
#
|
||||||
# We go ahead and generate the blacklist chains and jump to them, even if they turn out to be empty. That is necessary
|
# We go ahead and generate the blacklist chains and jump to them, even if they turn out to be empty. That is necessary
|
||||||
# for 'refresh' to work properly.
|
# for 'refresh' to work properly.
|
||||||
@ -220,10 +223,6 @@ sub setup_blacklist() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
BLACKLIST:
|
|
||||||
{
|
|
||||||
if ( my $fn = open_file 'blacklist' ) {
|
|
||||||
|
|
||||||
my $first_entry = 1;
|
my $first_entry = 1;
|
||||||
|
|
||||||
first_entry "$doing $fn...";
|
first_entry "$doing $fn...";
|
||||||
|
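Review bot: The comment now sitting inside the `if ( my $fn = open_file 'blacklist' )` block in setup_blacklist still says the chains are generated "even if they turn out to be empty" because 'refresh' needs them, but after this move they are generated only when a blacklist file exists. If a blacklist file is added later and only 'refresh' is run, the chains and the jumps to them would presumably be missing, so the new entries would not be enforced until a full restart; this is inferred from the comment, not visible in the hunk. I would extend the comment, e.g. `# Chains are created only when a blacklist file exists; a file added later is not picked up by 'refresh' alone.`, and consider a warning when a zone sets the blacklist option but no file is found. The body of setup_blacklist continues outside these hunks.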
@ -2373,8 +2373,8 @@ sub classic_blacklist() {
|
|||||||
my $zoneref = find_zone( $zone );
|
my $zoneref = find_zone( $zone );
|
||||||
my $simple = @zones <= 2 && ! $zoneref->{complex};
|
my $simple = @zones <= 2 && ! $zoneref->{complex};
|
||||||
|
|
||||||
|
if ( my $blackref = $filter_table->{blacklst} ) {
|
||||||
if ( $zoneref->{options}{in}{blacklist} ) {
|
if ( $zoneref->{options}{in}{blacklist} ) {
|
||||||
my $blackref = $filter_table->{blacklst};
|
|
||||||
add_ijump ensure_rules_chain( rules_chain( $zone, $_ ) ) , j => $blackref , @state for firewall_zone, @vservers;
|
add_ijump ensure_rules_chain( rules_chain( $zone, $_ ) ) , j => $blackref , @state for firewall_zone, @vservers;
|
||||||
|
|
||||||
if ( $simple ) {
|
if ( $simple ) {
|
||||||
@ -2395,7 +2395,7 @@ sub classic_blacklist() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $zoneref->{options}{out}{blacklist} ) {
|
if ( $zoneref->{options}{out}{blacklist} ) {
|
||||||
my $blackref = $filter_table->{blackout};
|
$blackref = $filter_table->{blackout};
|
||||||
add_ijump ensure_rules_chain( rules_chain( firewall_zone, $zone ) ) , j => $blackref , @state;
|
add_ijump ensure_rules_chain( rules_chain( firewall_zone, $zone ) ) , j => $blackref , @state;
|
||||||
|
|
||||||
for my $zone1 ( @zones, @vservers ) {
|
for my $zone1 ( @zones, @vservers ) {
|
||||||
@ -2409,6 +2409,7 @@ sub classic_blacklist() {
|
|||||||
|
|
||||||
$result = 1;
|
$result = 1;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
unless ( $simple ) {
|
unless ( $simple ) {
|
||||||
#
|
#
|
||||||
@ -2416,7 +2417,7 @@ sub classic_blacklist() {
|
|||||||
#
|
#
|
||||||
my $frwd_ref = new_standard_chain zone_forward_chain( $zone );
|
my $frwd_ref = new_standard_chain zone_forward_chain( $zone );
|
||||||
|
|
||||||
add_ijump( $frwd_ref , j => $filter_table->{blacklst}, @state ) if $zoneref->{options}{in}{blacklist};
|
add_ijump( $frwd_ref , j => $filter_table->{blacklst}, @state ) if $filter_table->{blacklst} && $zoneref->{options}{in}{blacklist};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
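Review bot: In classic_blacklist the outbound branch is now nested inside `if ( my $blackref = $filter_table->{blacklst} )` and reuses that variable via `$blackref = $filter_table->{blackout};`, so the jump to blackout is gated on blacklst existing while blackout itself is never checked. That is safe only if both chains are always created together, which is not visible here; if blackout can be absent, `j => $blackref` receives undef. I would test the chain that is actually used and give it its own name: `if ( $zoneref->{options}{out}{blacklist} && ( my $outref = $filter_table->{blackout} ) ) {` with `j => $outref`. The function starts and ends outside these hunks.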