Drop chain-ending rules whose target is 'RETURN'.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-01-25 14:03:04 -08:00
parent b7273d6999
commit b8cc9c5a6a


@ -2961,6 +2961,7 @@ sub optimize_level4( $$ ) {
# A chain with a single 'RETURN' rule -- get rid of it
#
delete_chain_and_references( $chainref );
$progress = 1;
} else {
#
# Replace all references to this chain with references to the target
@ -2969,10 +2970,13 @@ sub optimize_level4( $$ ) {
$progress = 1;
}
} elsif ( $firstrule->{target} ) {
#
# Not so easy -- the rule contains matches
#
if ( $chainref->{builtin} || ! $globals{KLUDGEFREE} || $firstrule->{policy} ) {
if ( $firstrule->{target} eq 'RETURN' ) {
#
# A chain with a single 'RETURN' rule -- get rid of it
#
delete_chain_and_references( $chainref );
$progress = 1;
} elsif ( $chainref->{builtin} || ! $globals{KLUDGEFREE} || $firstrule->{policy} ) {
#
# This case requires a new rule merging algorithm. Ignore this chain for
# now on.
@ -2992,6 +2996,15 @@ sub optimize_level4( $$ ) {
#
my $rulesref = $chainref->{rules};
if ( ( $lastref->{target} || '' ) eq 'RETURN' ) {
#
# The last rule is a RETURN -- get rid of it
#
pop @$rulesref;
$lastref = $rulesref->[-1];
$progress = 1;
}
if ( $lastref->{simple} && $lastref->{target} && ! $lastref->{targetopts} ) {
my $target = $lastref->{target};
my $count = 0;
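Review bot: The new `RETURN` test in the second hunk appears to run before the `$chainref->{builtin} || ! $globals{KLUDGEFREE} || $firstrule->{policy}` guard, so a chain that the guard used to skip can now reach `delete_chain_and_references( $chainref )` when its only rule is a `RETURN` with matches. Whether a builtin chain or a policy rule can actually arrive in this branch depends on the loop and conditions outside the hunks, so it is worth confirming, because silently removing such a chain changes the generated ruleset. If they can arrive, narrow the test to something like `if ( $firstrule->{target} eq 'RETURN' && ! $chainref->{builtin} && ! $firstrule->{policy} ) {`. In the third hunk, `$lastref = $rulesref->[-1];` is undefined if the popped rule was the only one left; if single-rule chains are always handled by the earlier branch, a short comment saying so next to the `pop` would record why the following `$lastref->{simple}` test is safe. The body of optimize_level4 starts and ends outside the shown hunks.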