More fiddling with move_rules()

- Assert that the chain being moved has no blacklist jumps
- delete duplicate rules in case the destination chain has such a jump
Tom Eastep 2010-09-20 18:00:39 -07:00
parent c21a4d786d
commit dbd7914ee6


@ -717,6 +717,8 @@ sub move_rules( $$ ) {
my $count = @{$chain1->{rules}}; my $count = @{$chain1->{rules}};
my $tableref = $chain_table{$chain1->{table}}; my $tableref = $chain_table{$chain1->{table}};
my $blacklist = $chain2->{blacklist}; my $blacklist = $chain2->{blacklist};
assert( ! $chain1->{blacklist} );
# #
# We allow '+' in chain names and '+' is an RE meta-character. Escape it. # We allow '+' in chain names and '+' is an RE meta-character. Escape it.
# #
@ -735,11 +737,15 @@ sub move_rules( $$ ) {
$chain2->{referenced} = 1; $chain2->{referenced} = 1;
unless ( $chain2->{blacklist} += $chain1->{blacklist} ) { #
# # In a firewall->x policy chain, multiple DHCP ACCEPT rules can be moved to the head of the chain.
# In a firewall->x policy chain, multiple DHCP ACCEPT rules can be moved to the head of the chain. # This hack avoids that.
# This hack avoids that. #
# if ( $blacklist ) {
my $rule = shift @{$rules};
shift @{$rules} while @{$rules} > 1 && $rules->[0] eq $rules->[1];
unshift @{$rules}, $rule;
} else {
shift @{$rules} while @{$rules} > 1 && $rules->[0] eq $rules->[1]; shift @{$rules} while @{$rules} > 1 && $rules->[0] eq $rules->[1];
} }
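Review bot: The new `if ( $blacklist )` branch in the second hunk sets `$rules->[0]` aside without a comment saying why, and it relies on that element being the blacklist jump and on there being exactly one, although the line this commit removes treated `$chain2->{blacklist}` as a counter (`+=`). A comment such as `# Keep the blacklist jump at the head of the chain; only the rules after it are de-duplicated` would record the intent, which presumably matters because the jump has to stay ahead of the moved ACCEPT rules. If that count can exceed one, holding back a single rule is not enough and `my @jumps = splice @{$rules}, 0, $blacklist;` followed by `unshift @{$rules}, @jumps;` would cover it; I cannot confirm this from the hunk, since move_rules starts and ends outside it. The de-duplication statement is also repeated verbatim in both branches and could be written once.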