forked from extern/shorewall_code
Fix an optimize 8 bug.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
dde540c42d
commit
cf59d9ec68
@ -744,16 +744,14 @@ sub move_rules( $$ ) {
|
|||||||
$name1 =~ s/\+/\\+/;
|
$name1 =~ s/\+/\\+/;
|
||||||
|
|
||||||
for ( @{$chain1->{rules}} ) {
|
for ( @{$chain1->{rules}} ) {
|
||||||
if ( s/\-([AI]) $name1 /-$1 $name2 / ) {
|
|
||||||
if ( / -[jg] ([^\s]+)\b/ ) {
|
if ( / -[jg] ([^\s]+)\b/ ) {
|
||||||
my $toref = $tableref->{$1};
|
my $toref = $tableref->{$1};
|
||||||
if ( $toref && ! $toref->{builtin} ) {
|
if ( $toref ) {
|
||||||
delete $toref->{references}{$name1} unless --$toref->{references}{$name1} > 0;
|
delete $toref->{references}{$name1} unless --$toref->{references}{$name1} > 0;
|
||||||
$toref->{references}{$name2}++;
|
$toref->{references}{$name2}++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if ( $debug ) {
|
if ( $debug ) {
|
||||||
my $rule = @{$chain1->{rules}};
|
my $rule = @{$chain1->{rules}};
|
||||||
@ -787,6 +785,7 @@ sub copy_rules( $$ ) {
|
|||||||
my @rules = @{$chain1->{rules}};
|
my @rules = @{$chain1->{rules}};
|
||||||
my $rules = $chain2->{rules};
|
my $rules = $chain2->{rules};
|
||||||
my $count = @{$chain1->{rules}};
|
my $count = @{$chain1->{rules}};
|
||||||
|
my $tableref = $chain_table{$chain1->{table}};
|
||||||
#
|
#
|
||||||
# We allow '+' in chain names and '+' is an RE meta-character. Escape it.
|
# We allow '+' in chain names and '+' is an RE meta-character. Escape it.
|
||||||
#
|
#
|
||||||
@ -801,6 +800,16 @@ sub copy_rules( $$ ) {
|
|||||||
trace( $chain2, 'A', ++$rule, $_ ) for @rules;
|
trace( $chain2, 'A', ++$rule, $_ ) for @rules;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for ( @rules ) {
|
||||||
|
if ( / -[jg] ([^\s]+)\b/ ) {
|
||||||
|
my $toref = $tableref->{$1};
|
||||||
|
if ( $toref ) {
|
||||||
|
delete $toref->{references}{$name1} unless --$toref->{references}{$name1} > 0;
|
||||||
|
$toref->{references}{$name2}++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
push @$rules, @rules;
|
push @$rules, @rules;
|
||||||
#
|
#
|
||||||
# Add chain1's references to $chain2
|
# Add chain1's references to $chain2
|
||||||
@ -1487,6 +1496,8 @@ sub replace_references( $$ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
delete $tableref->{target}{references}{$chainref->{name}};
|
||||||
} else {
|
} else {
|
||||||
#
|
#
|
||||||
# The target is a builtin -- we must use '-j'
|
# The target is a builtin -- we must use '-j'
|
||||||
@ -1546,6 +1557,8 @@ sub replace_references1( $$$ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
delete $tableref->{target}{references}{$chainref->{name}};
|
||||||
} else {
|
} else {
|
||||||
#
|
#
|
||||||
# The target is a builtin -- we must use '-j'
|
# The target is a builtin -- we must use '-j'
|
||||||
@ -1569,6 +1582,8 @@ sub replace_references1( $$$ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
progress_message " $count references to chain $chainref->{name} replaced" if $count;
|
progress_message " $count references to chain $chainref->{name} replaced" if $count;
|
||||||
|
|
||||||
delete_chain $chainref;
|
delete_chain $chainref;
|
||||||
@ -1777,7 +1792,7 @@ sub optimize_ruleset() {
|
|||||||
next CHAIN unless $rules->[$i] eq $rules1->[$i];
|
next CHAIN unless $rules->[$i] eq $rules1->[$i];
|
||||||
}
|
}
|
||||||
|
|
||||||
replace_references $chainref1, $chainref->{name};
|
replace_references1 $chainref1, $chainref->{name}, '';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -773,12 +773,12 @@ sub setup_mac_lists( $ ) {
|
|||||||
my $source = match_source_net $address;
|
my $source = match_source_net $address;
|
||||||
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , "${mac}${source}"
|
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , "${mac}${source}"
|
||||||
if defined $level && $level ne '';
|
if defined $level && $level ne '';
|
||||||
add_rule $chainref , "${mac}${source}-j $targetref->{target}";
|
add_jump $chainref , $targetref->{target}, 0, "${mac}${source} ";
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , $mac
|
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , $mac
|
||||||
if defined $level && $level ne '';
|
if defined $level && $level ne '';
|
||||||
add_rule $chainref , "$mac-j $targetref->{target}";
|
add_jump $chainref , $targetref->{target}, 0, "$mac ";
|
||||||
}
|
}
|
||||||
|
|
||||||
progress_message " Maclist entry \"$currentline\" $done";
|
progress_message " Maclist entry \"$currentline\" $done";
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user