From b761a6eaa0053751bcded47f1b3f4d91c7fa02e1 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 4 Jul 2020 09:49:28 -0700 Subject: [PATCH] Call optimize_policy_chains() after doing other ruleset optimization - This insures that ACCEPT policy chains are optimized when EXPAND_POLICIES=No Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Compiler.pm | 21 +++++++++++---------- Shorewall/Perl/Shorewall/Config.pm | 2 -- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index a9578106d..b82c5ad1e 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -858,13 +858,14 @@ sub compiler { if ( ( my $optimize = $config{OPTIMIZE} ) & OPTIMIZE_MASK ) { progress_message2 'Optimizing Ruleset...'; # + # Optimize the ruleet + # + optimize_ruleset if $optimize & OPTIMIZE_RULESET_MASK; + # # Optimize Policy Chains # - optimize_policy_chains if ( $optimize & OPTIMIZE_POLICY_MASK2n4 ) == OPTIMIZE_POLICY_MASK; # Level 2 but not 4 - # - # More Optimization - # - optimize_ruleset if $config{OPTIMIZE} & OPTIMIZE_RULESET_MASK; + optimize_policy_chains if $optimize & OPTIMIZE_POLICY_MASK; + optimize_policy_chains; } enable_script; @@ -928,16 +929,16 @@ sub compiler { optimize_level0; - if ( ( my $optimize = $config{OPTIMIZE} ) & 0x1e ) { + if ( ( my $optimize = $config{OPTIMIZE} ) & OPTIMIZE_MASK ) { progress_message2 'Optimizing Ruleset...'; # - # Optimize Policy Chains - # - optimize_policy_chains if ( $optimize & OPTIMIZE_POLICY_MASK2n4 ) == OPTIMIZE_POLICY_MASK; # Level 2 but not 4 - # # Ruleset Optimization # optimize_ruleset if $optimize & OPTIMIZE_RULESET_MASK; + # + # Optimize Policy Chains + # + optimize_policy_chains if $optimize & OPTIMIZE_POLICY_MASK; } enable_script if $debug; diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index ceac0c6b8..d724d8f59 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -311,7 +311,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script OPTIMIZE_MASK OPTIMIZE_POLICY_MASK - OPTIMIZE_POLICY_MASK2n4 OPTIMIZE_RULESET_MASK OPTIMIZE_ALL ) , ] , @@ -555,7 +554,6 @@ use constant { # use constant { OPTIMIZE_POLICY_MASK => 0x02 , # Call optimize_policy_chains() - OPTIMIZE_POLICY_MASK2n4 => 0x06 , OPTIMIZE_RULESET_MASK => 0x1C , # Call optimize_ruleset() OPTIMIZE_MASK => 0x1E , # Do optimizations beyond level 1 OPTIMIZE_ALL => 0x1F , # Maximum value for documented categories.