From: Mark Wooding
Date: Wed, 7 Mar 2012 02:52:25 +0000 (+0000)
Subject: functions: Move NTP server list out of line.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/ace5a2fbd7d0044d7bc40e3555905b1f4a085250

functions: Move NTP server list out of line.

Makes the `inbound' chain slightly more efficient in the common case.
---
diff --git a/functions.m4 b/functions.m4
index d059de6..2267af6 100644
--- a/functions.m4
+++ b/functions.m4
@@ -289,11 +289,12 @@ allowservices () {
 ## Add rules to CHAIN to allow NTP with NTPSERVERs.
 ntpclient () {
 set -e
- chain=$1; shift
- for ntp; do
- run iptables -A $chain -s $ntp -j ACCEPT \
- -p udp --source-port 123 --destination-port 123
- done
+ ntpchain=$1; shift
+
+ clearchain ntp-servers
+ for ntp; do run iptables -A ntp-servers -j ACCEPT -s $ntp; done
+ run iptables -A $ntpchain -j ntp-servers \
+ -p udp --source-port 123 --destination-port 123
 }
 
 ## dnsresolver CHAIN
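Review bot: The ACCEPT rules appended to `ntp-servers` in the new loop match on source address alone, so the UDP/123 restriction now exists only on the jump rule in `$ntpchain`; any other rule that ever jumps to `ntp-servers` would accept all traffic from those hosts. Repeating the match inside the chain, `run iptables -A ntp-servers -j ACCEPT -s "$ntp" -p udp --source-port 123 --destination-port 123`, keeps the chain safe on its own and should not cost the common case anything, since non-NTP packets never enter it; at minimum a comment such as `## ntp-servers must only be entered via the udp/123 jump below` would record the invariant. Because the chain name is fixed and `clearchain ntp-servers` runs on every call (presumably flushing it; `clearchain` is defined outside this hunk), a second `ntpclient` call with a different server list would silently replace the list used by the first caller's jump, which deserves a line in the `##` header comment. Quoting `"$ntp"` and `"$ntpchain"` would also match defensive shell style.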