holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Call optimize_policy_chains() after doing other ruleset optimization

Browse Source 
- This insures that ACCEPT policy chains are optimized when EXPAND_POLICIES=No

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2020-07-04 09:49:28 -07:00
parent d643f57bc1
commit b761a6eaa0
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -858,13 +858,14 @@ sub compiler {
if ( ( my $optimize = $config{OPTIMIZE} ) & OPTIMIZE_MASK ) { if ( ( my $optimize = $config{OPTIMIZE} ) & OPTIMIZE_MASK ) {
progress_message2 'Optimizing Ruleset...'; progress_message2 'Optimizing Ruleset...';
# #
# Optimize the ruleet
#
optimize_ruleset if $optimize & OPTIMIZE_RULESET_MASK;
#
# Optimize Policy Chains # Optimize Policy Chains
# #
optimize_policy_chains if ( $optimize & OPTIMIZE_POLICY_MASK2n4 ) == OPTIMIZE_POLICY_MASK; # Level 2 but not 4 optimize_policy_chains if $optimize & OPTIMIZE_POLICY_MASK;
# optimize_policy_chains;
# More Optimization
#
optimize_ruleset if $config{OPTIMIZE} & OPTIMIZE_RULESET_MASK;
} }
enable_script; enable_script;
@ -928,16 +929,16 @@ sub compiler {
optimize_level0; optimize_level0;
if ( ( my $optimize = $config{OPTIMIZE} ) & 0x1e ) { if ( ( my $optimize = $config{OPTIMIZE} ) & OPTIMIZE_MASK ) {
progress_message2 'Optimizing Ruleset...'; progress_message2 'Optimizing Ruleset...';
# #
# Optimize Policy Chains
#
optimize_policy_chains if ( $optimize & OPTIMIZE_POLICY_MASK2n4 ) == OPTIMIZE_POLICY_MASK; # Level 2 but not 4
#
# Ruleset Optimization # Ruleset Optimization
# #
optimize_ruleset if $optimize & OPTIMIZE_RULESET_MASK; optimize_ruleset if $optimize & OPTIMIZE_RULESET_MASK;
#
# Optimize Policy Chains
#
optimize_policy_chains if $optimize & OPTIMIZE_POLICY_MASK;
} }
enable_script if $debug; enable_script if $debug;

2
Shorewall/Perl/Shorewall/Config.pm
View File

@ -311,7 +311,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
OPTIMIZE_MASK OPTIMIZE_MASK
OPTIMIZE_POLICY_MASK OPTIMIZE_POLICY_MASK
OPTIMIZE_POLICY_MASK2n4
OPTIMIZE_RULESET_MASK OPTIMIZE_RULESET_MASK
OPTIMIZE_ALL OPTIMIZE_ALL
) , ] , ) , ] ,
@ -555,7 +554,6 @@ use constant {
# #
use constant { use constant {
OPTIMIZE_POLICY_MASK => 0x02 , # Call optimize_policy_chains() OPTIMIZE_POLICY_MASK => 0x02 , # Call optimize_policy_chains()
OPTIMIZE_POLICY_MASK2n4 => 0x06 ,
OPTIMIZE_RULESET_MASK => 0x1C , # Call optimize_ruleset() OPTIMIZE_RULESET_MASK => 0x1C , # Call optimize_ruleset()
OPTIMIZE_MASK => 0x1E , # Do optimizations beyond level 1 OPTIMIZE_MASK => 0x1E , # Do optimizations beyond level 1
OPTIMIZE_ALL => 0x1F , # Maximum value for documented categories. OPTIMIZE_ALL => 0x1F , # Maximum value for documented categories.