see #2097 #133 : no need to replace cluster interfaces with member interfaces in NATCompiler_pf::AssignInterface::processNext() since it was already done in replaceClusterInterfaceInItfOutb

2026-03-19 17:57:22 +01:00 · 2011-02-17 15:36:28 -08:00 · 2011-02-17 15:36:28 -08:00 · 5162212073
commit 5162212073
parent cf17bb995c
3 changed files with 8 additions and 33 deletions
--- a/src/iptlib/NATCompiler_ipt.cpp
+++ b/src/iptlib/NATCompiler_ipt.cpp
@ -2042,6 +2042,12 @@ bool NATCompiler_ipt::decideOnTarget::processNext()
 }

 /*
+ * This rule processor chooses interfaces for the rule automatically
+ * if user did not set them manually in "Inbound Interface" and
+ * "Outbound Interface" columns.
+ *
+ * Automatic algorithm:
+ *
 * this processor works together with ReplaceFirewallObjectsTSrc and
 * ConvertToAtomicRules. If the first two left interface object in
 * TSrc, AssignInterfaces assigns this rule to the corresponding
--- a/src/pflib/NATCompiler_pf.cpp
+++ b/src/pflib/NATCompiler_pf.cpp
@ -725,37 +725,6 @@ bool NATCompiler_pf::AssignInterface::processNext()

    if ( ! itf_re->isAny())
    {
-        list<FWObject*> intf_list;
-        intf_list.insert(intf_list.begin(), itf_re->begin(), itf_re->end());
-        list<FWObject*>::iterator it;
-
-        for (it=intf_list.begin(); it!=intf_list.end(); ++it)
-        {
-            Interface *intf = Interface::cast(FWObjectReference::getObject(*it));
-            assert(intf!=NULL);
-
-            if (intf->isFailoverInterface())
-            {
-                FailoverClusterGroup *fg = FailoverClusterGroup::cast(
-                    intf->getFirstByType(FailoverClusterGroup::TYPENAME));
-                if (fg)
-                {
-                    Interface *fw_intf =
-                        fg->getInterfaceForMemberFirewall(compiler->fw);
-                    itf_re->removeRef(intf);
-                    itf_re->addRef(fw_intf);
-                    intf = fw_intf;
-                }
-            }
-
-            if ( ! intf->isChildOf(compiler->fw))
-            {
-                QString err("Interface object %1 used in 'Interface' column "
-                            "of the rule must belong to the same firewall");
-                compiler->abort(rule, err.arg(intf->getName().c_str()).toStdString());
-            }
-        }
-
        tmp_queue.push_back(rule);
        return true;
    }
--- a/test/pf/pf_cluster_4_rc.conf.local
+++ b/test/pf/pf_cluster_4_rc.conf.local
@ -3,7 +3,7 @@
 #
 #  Firewall Builder  fwb_pf v4.2.0.3480
 #
-#  Generated Thu Feb 17 11:47:05 2011 PST by vadim
+#  Generated Thu Feb 17 15:35:29 2011 PST by vadim
 #
 # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local
 # files:   pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf