On 05/27/2013 06:42 AM, Tom Eastep wrote:
> On 05/27/2013 12:20 AM, Dash Four wrote:
>>
>> Tom Eastep wrote:
>>> So buck up and use your fingers, Mr-4; because when it comes to
>>> Shorewall, my keystrokes are much more valuable than yours.
>>>
>> Why don't you take the above, put it in your bloody pipe and smoke it? I
>> am not going to take any advice, particularly from you, on what to do
>> and how much I am going to bloody type, so kindly do one! As for your
>> arthritis - I couldn't care less to be honest, so there.
>
> I'm not surprised.
>
> Apply the attached long overdue patch, then put this at the top of your
> policy file.
>
> ?BEGIN PERL
> use Shorewall::Zones;
> use strict;
>
> for my $z1 ( local_zones ) {
>     for my $z2 ( local_zones ) {
>         shorewall "$z1 $z2 NONE" unless $z1 eq $z2;
>     }
> }
>
> 1;
>
> ?END PERL
>
> Now, if you have two or ten thousand local zones, there will be no
> locala2localb chains created.

Or apply this patch and be done with it. If someone wants to forward
between local zones in the future, I'll add a config option to allow it.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index cc103c9..dd45b1b 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -2179,7 +2179,7 @@ sub generate_matrix() {
} # Interface Loop
} #Type Loop
- next if $type == LOOPBACK;
+ next if $type & ( LOOPBACK | LOCAL );
if ( $frwd_ref ) {
#
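Review bot: the new test `next if $type & ( LOOPBACK | LOCAL );` replaces an equality comparison with a bit test, which only means "type is LOOPBACK or LOCAL" if the zone type constants are disjoint bit flags; if any other zone type shares a bit with either constant, it will be skipped here too. Worth confirming against the constant definitions. A short comment above this line saying that local zones now skip the `$frwd_ref` section that follows would also help, since the code itself gives no reason for the wider test.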
@@ -2203,10 +2203,7 @@ sub generate_matrix() {
next if $filter_table->{rules_chain( ${zone}, ${zone1} )}->{policy} eq 'NONE';
- next if $type1 == LOOPBACK;
-
- next if $type == LOCAL && $type1 != LOCAL;
- next if $type1 == LOCAL && $type != LOCAL;
+ next if $type1 & ( LOOPBACK | LOCAL );
my $chain = rules_target $zone, $zone1;
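Review bot: replacing the two removed lines `next if $type == LOCAL && $type1 != LOCAL;` and `next if $type1 == LOCAL && $type != LOCAL;` with `next if $type1 & ( LOOPBACK | LOCAL );` drops the one case the old code let through, where both zones are LOCAL, so a configuration that forwards between two local zones loses those rules with no warning and no option to keep them. Until the config option mentioned in the message exists, the change deserves a comment here and a release note. The new type test could also move above the `{policy} eq 'NONE'` lookup, so the chain lookup is not evaluated for a destination that is about to be skipped anyway.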
