holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Don't create classic blacklist chains if no blacklist file.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-09-12 07:30:34 -07:00
parent 89289f95ba
commit a223245c01
2 changed files with 45 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -204,6 +204,9 @@ sub setup_blacklist() {
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
my $orig_target = $target;
BLACKLIST:
{
if ( my $fn = open_file 'blacklist' ) {
#
# We go ahead and generate the blacklist chains and jump to them, even if they turn out to be empty. That is necessary
# for 'refresh' to work properly.
@ -220,10 +223,6 @@ sub setup_blacklist() {
}
}
BLACKLIST:
{
if ( my $fn = open_file 'blacklist' ) {
my $first_entry = 1;
first_entry "$doing $fn...";

7
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -2373,8 +2373,8 @@ sub classic_blacklist() {
my $zoneref = find_zone( $zone );
my $simple = @zones <= 2 && ! $zoneref->{complex};
if ( my $blackref = $filter_table->{blacklst} ) {
if ( $zoneref->{options}{in}{blacklist} ) {
my $blackref = $filter_table->{blacklst};
add_ijump ensure_rules_chain( rules_chain( $zone, $_ ) ) , j => $blackref , @state for firewall_zone, @vservers;
if ( $simple ) {
@ -2395,7 +2395,7 @@ sub classic_blacklist() {
}
if ( $zoneref->{options}{out}{blacklist} ) {
my $blackref = $filter_table->{blackout};
$blackref = $filter_table->{blackout};
add_ijump ensure_rules_chain( rules_chain( firewall_zone, $zone ) ) , j => $blackref , @state;
for my $zone1 ( @zones, @vservers ) {
@ -2409,6 +2409,7 @@ sub classic_blacklist() {
$result = 1;
}
}
unless ( $simple ) {
#
@ -2416,7 +2417,7 @@ sub classic_blacklist() {
#
my $frwd_ref = new_standard_chain zone_forward_chain( $zone );
add_ijump( $frwd_ref , j => $filter_table->{blacklst}, @state ) if $zoneref->{options}{in}{blacklist};
add_ijump( $frwd_ref , j => $filter_table->{blacklst}, @state ) if $filter_table->{blacklst} && $zoneref->{options}{in}{blacklist};
}
}