holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Only process routestopped when stoppedrules does not exist or is empty

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-09-04 08:46:04 -07:00
parent 2050d566b8
commit eb854f1dbe
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -691,16 +691,19 @@ sub process_routestopped() {
}
#
# Process the stoppedrules file
# Process the stoppedrules file. Returns true if the file was non-empty.
#
sub process_stoppedrules() {
my $fw = firewall_zone;
my $result;
if ( my $fn = open_file 'stoppedrules' ) {
first_entry "$doing $fn...";
while ( read_a_line( NORMAL_READ ) ) {
$result = 1;
my ( $target, $source, $dest, $proto, $ports, $sports ) =
split_line1 'stoppedrules file', { target => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5 }, { COMMENT => 0, FORMAT => 2 };
@ -768,6 +771,8 @@ sub process_stoppedrules() {
}
clear_comment;
$result;
}
sub setup_mss();
@ -2517,8 +2522,7 @@ EOF
}
}
process_routestopped;
process_stoppedrules;
process_routestopped unless process_stoppedrules;
add_ijump $input, j => 'ACCEPT', i => 'lo';
add_ijump $output, j => 'ACCEPT', o => 'lo' unless $config{ADMINISABSENTMINDED};