Don't ACCEPT untracked packets unless UNTRACKED_DISPOSITION=ACCEPT

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-09 09:15:05 -08:00 · 2013-02-09 09:15:05 -08:00 · a4297381e9
commit a4297381e9
parent eaa6d72a4f
1 changed files with 1 additions and 1 deletions
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -973,7 +973,7 @@ sub finish_chain_section ($$$) {
 	    }
 	}

-	push @state, 'UNTRACKED' if $state{UNTRACKED};
+	push( @state, 'UNTRACKED' ),if $state{UNTRACKED} && $globals{UNTRACKED_TARGET} eq 'ACCEPT';

 	add_ijump( $chain1ref, j => 'ACCEPT', state_imatch join(',', @state ) ) if @state;
    }