onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 17:57:22 +01:00
Code Issues Releases Wiki Activity

see #2097 #133 : no need to replace cluster interfaces with member interfaces in NATCompiler_pf::AssignInterface::processNext() since it was already done in replaceClusterInterfaceInItfOutb

Browse Source
This commit is contained in:
Vadim Kurland 2011-02-17 15:36:28 -08:00
parent cf17bb995c
commit 5162212073
3 changed files with 8 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/iptlib/NATCompiler_ipt.cpp
View File

@ -2042,6 +2042,12 @@ bool NATCompiler_ipt::decideOnTarget::processNext()
} }
/* /*
* This rule processor chooses interfaces for the rule automatically
* if user did not set them manually in "Inbound Interface" and
* "Outbound Interface" columns.
*
* Automatic algorithm:
*
* this processor works together with ReplaceFirewallObjectsTSrc and * this processor works together with ReplaceFirewallObjectsTSrc and
* ConvertToAtomicRules. If the first two left interface object in * ConvertToAtomicRules. If the first two left interface object in
* TSrc, AssignInterfaces assigns this rule to the corresponding * TSrc, AssignInterfaces assigns this rule to the corresponding
@ -2075,7 +2081,7 @@ bool NATCompiler_ipt::decideOnTarget::processNext()
bool NATCompiler_ipt::AssignInterface::processNext() bool NATCompiler_ipt::AssignInterface::processNext()
{ {
NATCompiler_ipt *ipt_comp = dynamic_cast<NATCompiler_ipt*>(compiler); NATCompiler_ipt *ipt_comp = dynamic_cast<NATCompiler_ipt*>(compiler);
NATRule *rule=getNext(); if (rule==NULL) return false; NATRule *rule = getNext(); if (rule==NULL) return false;
// Address *a=NULL; // Address *a=NULL;
// FWObject *ref; // FWObject *ref;

31
src/pflib/NATCompiler_pf.cpp
View File

@ -725,37 +725,6 @@ bool NATCompiler_pf::AssignInterface::processNext()
if ( ! itf_re->isAny()) if ( ! itf_re->isAny())
{ {
list<FWObject*> intf_list;
intf_list.insert(intf_list.begin(), itf_re->begin(), itf_re->end());
list<FWObject*>::iterator it;
for (it=intf_list.begin(); it!=intf_list.end(); ++it)
{
Interface *intf = Interface::cast(FWObjectReference::getObject(*it));
assert(intf!=NULL);
if (intf->isFailoverInterface())
{
FailoverClusterGroup *fg = FailoverClusterGroup::cast(
intf->getFirstByType(FailoverClusterGroup::TYPENAME));
if (fg)
{
Interface *fw_intf =
fg->getInterfaceForMemberFirewall(compiler->fw);
itf_re->removeRef(intf);
itf_re->addRef(fw_intf);
intf = fw_intf;
}
}
if ( ! intf->isChildOf(compiler->fw))
{
QString err("Interface object %1 used in 'Interface' column "
"of the rule must belong to the same firewall");
compiler->abort(rule, err.arg(intf->getName().c_str()).toStdString());
}
}
tmp_queue.push_back(rule); tmp_queue.push_back(rule);
return true; return true;
} }

2
test/pf/pf_cluster_4_rc.conf.local
View File

@ -3,7 +3,7 @@
# #
# Firewall Builder fwb_pf v4.2.0.3480 # Firewall Builder fwb_pf v4.2.0.3480
# #
# Generated Thu Feb 17 11:47:05 2011 PST by vadim # Generated Thu Feb 17 15:35:29 2011 PST by vadim
# #
# files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local
# files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf # files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf