From f568f3df9ec5973a4ab8c501d4753fcdff667de6 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 28 Dec 2009 15:05:54 -0800 Subject: [PATCH] Final fix for Marcus Limosani's problem --- Shorewall/Perl/Shorewall/Rules.pm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 6b8f74597..55d3c4b68 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -1710,7 +1710,7 @@ sub generate_matrix() { my $sourcechainref; my $interfacematch = ''; - if ( use_forward_chain( $interface ) || $forward_jump_added{$interface} ) { + if ( use_forward_chain( $interface ) ) { $sourcechainref = $filter_table->{forward_chain $interface}; add_jump $filter_table->{FORWARD} , $sourcechainref, 0 , match_source_dev( $interface ) unless $forward_jump_added{$interface}++; } else { @@ -1822,7 +1822,7 @@ sub generate_matrix() { my $outputref; my $interfacematch = ''; - if ( use_output_chain( $interface ) || $output_jump_added{$interface} ) { + if ( use_output_chain $interface ) { $outputref = $filter_table->{output_chain $interface}; add_jump $filter_table->{OUTPUT}, $outputref, 0, match_dest_dev( $interface ) unless $output_jump_added{$interface}++; } else { @@ -1871,7 +1871,7 @@ sub generate_matrix() { my $inputchainref; my $interfacematch = ''; - if ( use_input_chain( $interface ) || $input_jump_added{$interface} ) { + if ( use_input_chain $interface ) { $inputchainref = $filter_table->{input_chain $interface}; add_jump $filter_table->{INPUT}, $inputchainref, 0, match_source_dev($interface) unless $input_jump_added{$interface}++; } else { @@ -2007,7 +2007,7 @@ sub generate_matrix() { my $match_source_dev = ''; my $forwardchainref = $filter_table->{forward_chain $interface}; - if ( use_forward_chain $interface || ( @{$forwardchainref->{rules} } && ! $chainref ) ) { + if ( use_forward_chain( $interface ) || $forward_jump_added{$interface} || ( @{$forwardchainref->{rules} } && ! $chainref ) ) { # # Either we must use the interface's forwarding chain or that chain has rules and we have nowhere to move them #