forked from extern/shorewall_code
Don't generate policy chains for fw to bridgeport zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
1030c852f9
commit
c52a3dcd14
@ -329,7 +329,8 @@ sub validate_policy()
|
||||
}
|
||||
|
||||
for $zone ( all_zones ) {
|
||||
push @policy_chains, ( new_policy_chain $zone, $zone, 'ACCEPT', PROVISIONAL );
|
||||
push @policy_chains, ( new_policy_chain $zone, $zone, 'ACCEPT', PROVISIONAL );
|
||||
push @policy_chains, ( new_policy_chain firewall_zone, $zone, 'NONE', PROVISIONAL ) if zone_type( $zone ) == BPORT;
|
||||
|
||||
if ( $config{IMPLICIT_CONTINUE} && ( @{find_zone( $zone )->{parents}} ) ) {
|
||||
for my $zone1 ( all_zones ) {
|
||||
|
@ -1649,16 +1649,16 @@ sub rules_target( $$ ) {
|
||||
|
||||
return $chain if $chainref && $chainref->{referenced};
|
||||
return 'ACCEPT' if $zone eq $zone1;
|
||||
|
||||
|
||||
assert( $chainref );
|
||||
|
||||
|
||||
if ( $chainref->{policy} ne 'CONTINUE' ) {
|
||||
my $policyref = $filter_table->{$chainref->{policychain}};
|
||||
assert( $policyref );
|
||||
return $policyref->{name} if $policyref ne $chainref;
|
||||
return $chainref->{policy} eq 'REJECT' ? 'reject' : $chainref->{policy};
|
||||
}
|
||||
|
||||
|
||||
''; # CONTINUE policy
|
||||
}
|
||||
|
||||
@ -1862,7 +1862,7 @@ sub generate_matrix() {
|
||||
for my $net ( @{$hostref->{hosts}} ) {
|
||||
my $dest = match_dest_net $net;
|
||||
|
||||
if ( $chain1 ) {
|
||||
if ( $chain1 && zone_type ( $zone) != BPORT ) {
|
||||
my $chain1ref = $filter_table->{$chain1};
|
||||
my $nextchain = dest_exclusion( $exclusions, $chain1 );
|
||||
my $outputref;
|
||||
|
Loading…
Reference in New Issue
Block a user