mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-29 17:48:53 +01:00
Change the 'dynamic' zone option to 'dynamic_shared'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
1df48b46ef
commit
0c9cc4a233
@ -240,25 +240,25 @@ my %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 , ignore =>
|
|||||||
|
|
||||||
my %validhostoptions;
|
my %validhostoptions;
|
||||||
|
|
||||||
my %validzoneoptions = ( mss => NUMERIC,
|
my %validzoneoptions = ( mss => NUMERIC,
|
||||||
nomark => NOTHING,
|
nomark => NOTHING,
|
||||||
blacklist => NOTHING,
|
blacklist => NOTHING,
|
||||||
dynamic => NOTHING,
|
dynamic_shared => NOTHING,
|
||||||
strict => NOTHING,
|
strict => NOTHING,
|
||||||
next => NOTHING,
|
next => NOTHING,
|
||||||
reqid => NUMERIC,
|
reqid => NUMERIC,
|
||||||
spi => NUMERIC,
|
spi => NUMERIC,
|
||||||
proto => IPSECPROTO,
|
proto => IPSECPROTO,
|
||||||
mode => IPSECMODE,
|
mode => IPSECMODE,
|
||||||
"tunnel-src" => NETWORK,
|
"tunnel-src" => NETWORK,
|
||||||
"tunnel-dst" => NETWORK,
|
"tunnel-dst" => NETWORK,
|
||||||
);
|
);
|
||||||
|
|
||||||
use constant { UNRESTRICTED => 1, NOFW => 2 , COMPLEX => 8, IN_OUT_ONLY => 16 };
|
use constant { UNRESTRICTED => 1, NOFW => 2 , COMPLEX => 8, IN_OUT_ONLY => 16 };
|
||||||
#
|
#
|
||||||
# Hash of options that have their own key in the returned hash.
|
# Hash of options that have their own key in the returned hash.
|
||||||
#
|
#
|
||||||
my %zonekey = ( mss => UNRESTRICTED | COMPLEX , blacklist => NOFW, nomark => NOFW | IN_OUT_ONLY, dynamic => IN_OUT_ONLY );
|
my %zonekey = ( mss => UNRESTRICTED | COMPLEX , blacklist => NOFW, nomark => NOFW | IN_OUT_ONLY, dynamic_shared => IN_OUT_ONLY );
|
||||||
|
|
||||||
#
|
#
|
||||||
# Rather than initializing globals in an INIT block or during declaration,
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
@ -1251,7 +1251,7 @@ sub process_interface( $$ ) {
|
|||||||
|
|
||||||
if ( $netsref eq 'dynamic' ) {
|
if ( $netsref eq 'dynamic' ) {
|
||||||
my $ipset = $family == F_IPV4 ? "${zone}" : "6_${zone}";
|
my $ipset = $family == F_IPV4 ? "${zone}" : "6_${zone}";
|
||||||
$ipset = join( '_', $ipset, chain_base1( $physical ) ) unless $zoneref->{options}{in_out}{dynamic};
|
$ipset = join( '_', $ipset, chain_base1( $physical ) ) unless $zoneref->{options}{in_out}{dynamic_shared};
|
||||||
$netsref = [ "+$ipset" ];
|
$netsref = [ "+$ipset" ];
|
||||||
$ipsets{$ipset} = 1;
|
$ipsets{$ipset} = 1;
|
||||||
}
|
}
|
||||||
@ -1903,7 +1903,7 @@ sub process_host( ) {
|
|||||||
|
|
||||||
my $set = $family == F_IPV4 ? "${zone}" : "6_${zone}";
|
my $set = $family == F_IPV4 ? "${zone}" : "6_${zone}";
|
||||||
|
|
||||||
unless ( $zoneref->{options}{in_out}{dynamic} ) {
|
unless ( $zoneref->{options}{in_out}{dynamic_shared} ) {
|
||||||
my $physical = chain_base1( physical_name $interface );
|
my $physical = chain_base1( physical_name $interface );
|
||||||
$set = join( '_', $set, $physical );
|
$set = join( '_', $set, $physical );
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user