The attached patch corrects the logic used to determine if a state action (Established, Related, etc) should generate a rule.
-Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Rules.pm
b/Shorewall/Perl/Shorewall/Rules.pm
index 8fdb886..9203aca 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2687,12 +2687,11 @@ sub check_state( $ ) {
}
} else {
if ( ( $state eq 'ESTABLISHED' ) ||
- ( $state =~ /^(?:INVALID|UNTRACKED|RELATED)$/ &&
$globals{"${state}_DISPOSITION"} ) ) {
- my $sections = $actparms{0}->{sections};
+ ( $state =~ /^(?:INVALID|UNTRACKED|RELATED)$/ &&
$globals{"${state}_TARGET"} ) ) {
+ my $sectionref = $actparms{0}->{sections};
- if ( $sections ) {
- my $sectionnumber = ( $section_map{$state} || 0 );
- return 0 if $sectionnumber & $sections;
+ if ( $sectionref ) {
+ return $sectionref->{$state} ? 0 : 1;
}
}
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
