holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

A bit of optimization in add_interface_options()

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-12-30 08:08:28 -08:00
parent 6bed5e5e55
commit b63c7e0016
2 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -5807,9 +5807,15 @@ sub copy_options( $ ) {
} }
sub add_interface_options( $ ) { sub add_interface_options( $ ) {
my $blrules = shift;
if ( $blrules ) { if ( $_[0] ) {
my %input_chains;
my %forward_chains;
for my $interface ( grep $_ ne '%vserver%', all_interfaces ) {
$input_chains{$interface} = $filter_table->{input_option_chain $interface};
$forward_chains{$interface} = $filter_table->{forward_option_chain $interface};
}
# #
# Insert all interface option rules into the rules chains # Insert all interface option rules into the rules chains
# #
@ -5822,26 +5828,26 @@ sub add_interface_options( $ ) {
if ( zone_type( $zone2 ) & (FIREWALL | VSERVER ) ) { if ( zone_type( $zone2 ) & (FIREWALL | VSERVER ) ) {
if ( @interfaces == 1 && copy_options( $interfaces[0] ) ) { if ( @interfaces == 1 && copy_options( $interfaces[0] ) ) {
if ( ( $chain1ref = $filter_table->{input_option_chain $interfaces[0]} ) && @{$chain1ref->{rules}} ) { if ( ( $chain1ref = $input_chains{$interfaces[0]} ) && @{$chain1ref->{rules}} ) {
copy_rules $chain1ref, $chainref, 1; copy_rules $chain1ref, $chainref, 1;
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
} }
} else { } else {
for my $interface ( @interfaces ) { for my $interface ( @interfaces ) {
if ( ( $chain1ref = $filter_table->{input_option_chain $interface} ) && @{$chain1ref->{rules}} ) { if ( ( $chain1ref = $input_chains{$interface} ) && @{$chain1ref->{rules}} ) {
add_ijump ( $chainref , j => $chain1ref->{name}, @interfaces > 1 ? imatch_source_dev( $interface ) : () ); add_ijump ( $chainref , j => $chain1ref->{name}, @interfaces > 1 ? imatch_source_dev( $interface ) : () );
} }
} }
} }
} else { } else {
if ( @interfaces == 1 && copy_options( $interfaces[0] ) ) { if ( @interfaces == 1 && copy_options( $interfaces[0] ) ) {
if ( ( $chain1ref = $filter_table->{forward_option_chain $interfaces[0]} ) && @{$chain1ref->{rules}} ) { if ( ( $chain1ref = $forward_chains{$interfaces[0]} ) && @{$chain1ref->{rules}} ) {
copy_rules $chain1ref, $chainref, 1; copy_rules $chain1ref, $chainref, 1;
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
} }
} else { } else {
for my $interface ( @interfaces ) { for my $interface ( @interfaces ) {
if ( ( $chain1ref = $filter_table->{forward_option_chain $interface} ) && @{$chain1ref->{rules}} ) { if ( ( $chain1ref = $forward_chains{$interface} ) && @{$chain1ref->{rules}} ) {
add_ijump ( $chainref , j => $chain1ref->{name}, @interfaces > 1 ? imatch_source_dev( $interface ) : () ); add_ijump ( $chainref , j => $chain1ref->{name}, @interfaces > 1 ? imatch_source_dev( $interface ) : () );
} }
} }
@ -5855,7 +5861,6 @@ sub add_interface_options( $ ) {
my $chainref = $filter_table->{rules_chain( $zone1, $zone2 )}; my $chainref = $filter_table->{rules_chain( $zone1, $zone2 )};
my @interfaces = keys %{zone_interfaces( $zone2 )}; my @interfaces = keys %{zone_interfaces( $zone2 )};
my $chain1ref; my $chain1ref;
for my $interface ( @interfaces ) { for my $interface ( @interfaces ) {
if ( ( $chain1ref = $filter_table->{output_option_chain $interface} ) && @{$chain1ref->{rules}} ) { if ( ( $chain1ref = $filter_table->{output_option_chain $interface} ) && @{$chain1ref->{rules}} ) {

2
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -2563,7 +2563,7 @@ sub process_rules() {
$section = ''; $section = '';
add_interface_options( $blrules || $filter_table->{blacklst} ); add_interface_options( $blrules || defined $filter_table->{blacklst} );
$fn = open_file 'rules'; $fn = open_file 'rules';