#312 generate simpler rules for sub-policies

open
Vadim Kurland
5
2012-08-10
2012-08-10
schaarsc
No

if a policy is marked as Topruleset=true then this is generated
$IPTABLES -A INPUT -s 192.178.168.2 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -s 192.178.168.5 -m state --state NEW -j ACCEPT

however if topruleset=false then
$IPTABLES -N INBOUND
$IPTABLES -N Cid4285X10633.0
$IPTABLES -A INBOUND -i + -d 192.178.168.1 -m state --state NEW -j Cid4285X10633.0
$IPTABLES -A Cid4285X10633.0 -s 192.178.168.2 -j ACCEPT
$IPTABLES -A Cid4285X10633.0 -s 192.178.168.5 -j ACCEPT

why is Cid4285X10633 used?
why not
$IPTABLES -N INBOUND
$IPTABLES -A INBOUND -s 192.178.168.2 -m state --state NEW -j ACCEPT
$IPTABLES -A INBOUND -s 192.178.168.5 -m state --state NEW -j ACCEPT

Discussion

  • schaarsc
    schaarsc
    2012-08-10

    sample

     
    Attachments