From f21c71d7a672acb6ea69451509540c362085b076 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 28 Nov 2009 07:19:41 -0800 Subject: [PATCH] Revert "Match section rules to the number of mark rules" This reverts commit 1699d8e941db82b55192ece0de1164189095b89b. --- Shorewall/Perl/Shorewall/Chains.pm | 12 +----------- Shorewall/Perl/Shorewall/Policy.pm | 6 ++++-- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 1137477c7..1626e11b7 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -1148,17 +1148,7 @@ sub finish_chain_section ($$) { $comment = ''; - unless ( $config{FASTACCEPT} ) { - if ( $chainref->{marked} ) { - if ( $chainref->{marked} == @{$chainref->{rules}} ) { - insert_rule( $chainref, 0, "-m state --state $state -j ACCEPT" ); - } else { - add_rule $chainref, "-m state --state $state -j ACCEPT"; - } - } else { - add_rule $chainref, "-m state --state $state -j ACCEPT"; - } - } + add_rule $chainref, "-m state --state $state -j ACCEPT" unless $config{FASTACCEPT}; if ($sections{NEW} ) { if ( $chainref->{is_policy} ) { diff --git a/Shorewall/Perl/Shorewall/Policy.pm b/Shorewall/Perl/Shorewall/Policy.pm index 3969ba737..71ce02b62 100644 --- a/Shorewall/Perl/Shorewall/Policy.pm +++ b/Shorewall/Perl/Shorewall/Policy.pm @@ -136,8 +136,10 @@ sub add_or_modify_policy_chain( $$ ) { my $mark = defined_zone( $zone )->{mark}; my $mark1 = defined_zone( $zone1 )->{mark} << VIRTUAL_BITS; - $chainref->{marked} = 1, add_rule $chainref, '-j MARK --or-mark ' . in_hex($mark) if $mark && $zone1 eq firewall_zone; - $chainref->{marked}++ , add_rule $chainref, '-j MARK --or-mark ' . in_hex($mark1) if $mark1; + add_rule $chainref, '-j MARK --or-mark ' . in_hex($mark) if $mark && $zone1 eq firewall_zone; + add_rule $chainref, '-j MARK --or-mark ' . in_hex($mark1) if $mark1; + + $chainref->{marked} = 1; } }