forked from extern/shorewall_code
Fix an optimize 8 bug.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
dde540c42d
commit
cf59d9ec68
@ -744,13 +744,11 @@ sub move_rules( $$ ) {
|
||||
$name1 =~ s/\+/\\+/;
|
||||
|
||||
for ( @{$chain1->{rules}} ) {
|
||||
if ( s/\-([AI]) $name1 /-$1 $name2 / ) {
|
||||
if ( / -[jg] ([^\s]+)\b/ ) {
|
||||
my $toref = $tableref->{$1};
|
||||
if ( $toref && ! $toref->{builtin} ) {
|
||||
delete $toref->{references}{$name1} unless --$toref->{references}{$name1} > 0;
|
||||
$toref->{references}{$name2}++;
|
||||
}
|
||||
if ( / -[jg] ([^\s]+)\b/ ) {
|
||||
my $toref = $tableref->{$1};
|
||||
if ( $toref ) {
|
||||
delete $toref->{references}{$name1} unless --$toref->{references}{$name1} > 0;
|
||||
$toref->{references}{$name2}++;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -787,6 +785,7 @@ sub copy_rules( $$ ) {
|
||||
my @rules = @{$chain1->{rules}};
|
||||
my $rules = $chain2->{rules};
|
||||
my $count = @{$chain1->{rules}};
|
||||
my $tableref = $chain_table{$chain1->{table}};
|
||||
#
|
||||
# We allow '+' in chain names and '+' is an RE meta-character. Escape it.
|
||||
#
|
||||
@ -801,6 +800,16 @@ sub copy_rules( $$ ) {
|
||||
trace( $chain2, 'A', ++$rule, $_ ) for @rules;
|
||||
}
|
||||
|
||||
for ( @rules ) {
|
||||
if ( / -[jg] ([^\s]+)\b/ ) {
|
||||
my $toref = $tableref->{$1};
|
||||
if ( $toref ) {
|
||||
delete $toref->{references}{$name1} unless --$toref->{references}{$name1} > 0;
|
||||
$toref->{references}{$name2}++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
push @$rules, @rules;
|
||||
#
|
||||
# Add chain1's references to $chain2
|
||||
@ -1487,6 +1496,8 @@ sub replace_references( $$ ) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
delete $tableref->{target}{references}{$chainref->{name}};
|
||||
} else {
|
||||
#
|
||||
# The target is a builtin -- we must use '-j'
|
||||
@ -1546,6 +1557,8 @@ sub replace_references1( $$$ ) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
delete $tableref->{target}{references}{$chainref->{name}};
|
||||
} else {
|
||||
#
|
||||
# The target is a builtin -- we must use '-j'
|
||||
@ -1569,6 +1582,8 @@ sub replace_references1( $$$ ) {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
progress_message " $count references to chain $chainref->{name} replaced" if $count;
|
||||
|
||||
delete_chain $chainref;
|
||||
@ -1777,7 +1792,7 @@ sub optimize_ruleset() {
|
||||
next CHAIN unless $rules->[$i] eq $rules1->[$i];
|
||||
}
|
||||
|
||||
replace_references $chainref1, $chainref->{name};
|
||||
replace_references1 $chainref1, $chainref->{name}, '';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -773,12 +773,12 @@ sub setup_mac_lists( $ ) {
|
||||
my $source = match_source_net $address;
|
||||
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , "${mac}${source}"
|
||||
if defined $level && $level ne '';
|
||||
add_rule $chainref , "${mac}${source}-j $targetref->{target}";
|
||||
add_jump $chainref , $targetref->{target}, 0, "${mac}${source} ";
|
||||
}
|
||||
} else {
|
||||
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , $mac
|
||||
if defined $level && $level ne '';
|
||||
add_rule $chainref , "$mac-j $targetref->{target}";
|
||||
add_jump $chainref , $targetref->{target}, 0, "$mac ";
|
||||
}
|
||||
|
||||
progress_message " Maclist entry \"$currentline\" $done";
|
||||
|
||||
Loading…
Reference in New Issue
Block a user