holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Remove nonsensical logic in expand_rule()

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9550 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-02-26 22:28:27 +00:00
parent 00afd5b142
commit b8d7ee040e
1 changed files with 8 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Shorewall/Shorewall/Chains.pm
View File

@ -2335,26 +2335,16 @@ sub expand_rule( $$$$$$$$$$$ )
#
if ( $diface ) {
fatal_error "Unknown Interface ($diface)" unless known_interface $diface;
fatal_error "A DEST interface may not be specified in this rule" if $restriction & (PREROUTE_RESTRICT );
fatal_error "Bridge Port ($diface) not allowed in OUTPUT or POSTROUTING rules" if ( $restriction & ( POSTROUTE_RESTRICT + OUTPUT_RESTRICT ) ) && port_to_bridge( $diface );
fatal_error "Destination Interface ($diface) not allowed when the destination zone is the firewall zone" if $restriction & INPUT_RESTRICT;
if ( $restriction & PREROUTE_RESTRICT ) {
#
# ADDRESS 'detect' in the masq file.
#
fatal_error "A DEST interface may not be specified in this rule" unless $chainref->{table} eq 'nat';
fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface );
push_command( $chainref , 'for dest in ' . get_interface_addresses( $diface) . '; do', 'done' );
$rule .= '-d $dest ';
} else {
fatal_error "Bridge Port ($diface) not allowed in OUTPUT or POSTROUTING rules" if ( $restriction & ( POSTROUTE_RESTRICT + OUTPUT_RESTRICT ) ) && port_to_bridge( $diface );
fatal_error "Destination Interface ($diface) not allowed when the destination zone is the firewall zone" if $restriction & INPUT_RESTRICT;
if ( $iiface ) {
my $bridge = port_to_bridge( $diface );
fatal_error "Source interface ($iiface) is not a port on the same bridge as the destination interface ( $diface )" if $bridge && $bridge ne source_port_to_bridge( $iiface );
}
$rule .= match_dest_dev( $diface );
if ( $iiface ) {
my $bridge = port_to_bridge( $diface );
fatal_error "Source interface ($iiface) is not a port on the same bridge as the destination interface ( $diface )" if $bridge && $bridge ne source_port_to_bridge( $iiface );
}
$rule .= match_dest_dev( $diface );
} else {
$diface = '';
}