Omit fw->fw jumps when there is a local zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
9e77bb5499
commit
fd11eb7d82
@ -1427,6 +1427,7 @@ sub handle_loopback_traffic() {
|
|||||||
my $natout = $nat_table->{OUTPUT};
|
my $natout = $nat_table->{OUTPUT};
|
||||||
my $rawout = $raw_table->{OUTPUT};
|
my $rawout = $raw_table->{OUTPUT};
|
||||||
my $rulenum = 0;
|
my $rulenum = 0;
|
||||||
|
my $local = local_zone;
|
||||||
|
|
||||||
my $outchainref;
|
my $outchainref;
|
||||||
my @rule;
|
my @rule;
|
||||||
@ -1455,6 +1456,8 @@ sub handle_loopback_traffic() {
|
|||||||
#
|
#
|
||||||
if ( $type1 == FIREWALL ) {
|
if ( $type1 == FIREWALL ) {
|
||||||
for my $z2 ( @zones ) {
|
for my $z2 ( @zones ) {
|
||||||
|
next if $local && $z1 eq $z2;
|
||||||
|
|
||||||
my $chain = rules_target( $z1, $z2 );
|
my $chain = rules_target( $z1, $z2 );
|
||||||
|
|
||||||
generate_dest_rules( $outchainref, $chain, $z2, @rule ) if $chain;
|
generate_dest_rules( $outchainref, $chain, $z2, @rule ) if $chain;
|
||||||
|
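Review bot: The added `next if $local && $z1 eq $z2;` in the `$type1 == FIREWALL` loop omits the fw->fw jump silently, and the only warning this commit adds (in process_rule) covers rules, not the policy. An operator with a non-ACCEPT $FW to $FW policy would presumably find it no longer applied to loopback traffic, with nothing said at compile time. A one-time warning where `$local` is assigned in the earlier hunk would surface that, or at least a comment on this line such as `# fw->fw is left to the 'local' zone; $FW->$FW rules and policy are not applied`. The loop body and the rest of handle_loopback_traffic lie outside the hunk, so what happens to the skipped traffic afterwards cannot be confirmed from here.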
@ -2450,6 +2450,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
|
|||||||
if ( $destref ) {
|
if ( $destref ) {
|
||||||
warning_message( "The SOURCE zone is local and the DEST zone is off-firewall" ) if $sourceref->{type} == LOCAL && ! ( $destref->{type} & ( FIREWALL | VSERVER ) );
|
warning_message( "The SOURCE zone is local and the DEST zone is off-firewall" ) if $sourceref->{type} == LOCAL && ! ( $destref->{type} & ( FIREWALL | VSERVER ) );
|
||||||
warning_message( "The SOURCE zone is off-firewall and the DEST zone is 'local'" ) if $destref->{type} == LOCAL && ! ( $sourceref->{type} & ( FIREWALL | VSERVER ) );
|
warning_message( "The SOURCE zone is off-firewall and the DEST zone is 'local'" ) if $destref->{type} == LOCAL && ! ( $sourceref->{type} & ( FIREWALL | VSERVER ) );
|
||||||
|
warning_message( "\$FW to \$FW rules are ignored when there is a defined 'local' zone" ) if local_zone && $sourceref->{type} == FIREWALL && $destref->{type} == FIREWALL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
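Review bot: The new `warning_message( "\$FW to \$FW rules are ignored ..." )` at the end of the `if ( $destref )` block only reports; nothing visible in the hunk stops the rule from being processed further. Its chain entries may therefore still be generated and simply never be reached now that the jump is omitted, which is the "extraneous chains and rules" case the deleted documentation paragraph described. If the rule really is meant to be ignored, state that next to the check with a comment such as `# rule is still compiled but never reached; see handle_loopback_traffic`, or skip the rule at this point if process_rule's return contract allows it. The message is also emitted once per matching rule, so a configuration with many $FW to $FW rules repeats the same line. The rest of process_rule is outside the hunk.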
@ -246,10 +246,6 @@ c:a,b ipv4</programlisting>
|
|||||||
|
|
||||||
<para>Only one <emphasis role="bold">local</emphasis> zone may
|
<para>Only one <emphasis role="bold">local</emphasis> zone may
|
||||||
be defined.</para>
|
be defined.</para>
|
||||||
|
|
||||||
<para>When a local zone is defined, you should ensure that the
|
|
||||||
$FW -> $FW policy is ACCEPT; otherwise, extraneous chains
|
|
||||||
and rules will be created.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
@ -244,10 +244,6 @@ c:a,b ipv6</programlisting>
|
|||||||
|
|
||||||
<para>Only one <emphasis role="bold">local</emphasis> zone may
|
<para>Only one <emphasis role="bold">local</emphasis> zone may
|
||||||
be defined.</para>
|
be defined.</para>
|
||||||
|
|
||||||
<para>When a local zone is defined, you should ensure that the
|
|
||||||
$FW -> $FW policy is ACCEPT; otherwise, extraneous chains
|
|
||||||
and rules will be created.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|