Reincarnation of Dynamic Zones -- Phase I

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9610 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2009-03-06 00:14:42 +00:00
parent be8e9990bd
commit 3795f02f70


@ -185,7 +185,6 @@ sub parse_zone_option_list($$)
"tunnel-src" => NETWORK, "tunnel-src" => NETWORK,
"tunnel-dst" => NETWORK, "tunnel-dst" => NETWORK,
); );
# #
# Hash of options that have their own key in the returned hash. # Hash of options that have their own key in the returned hash.
# #
@ -523,6 +522,7 @@ sub add_group_to_zone($$$$$)
if ( substr( $host, 0, 1 ) eq '+' ) { if ( substr( $host, 0, 1 ) eq '+' ) {
fatal_error "Invalid ipset name ($host)" unless $host =~ /^\+[a-zA-Z]\w*$/; fatal_error "Invalid ipset name ($host)" unless $host =~ /^\+[a-zA-Z]\w*$/;
require_capability( 'IPSET_MATCH', 'Ipset names in host lists', '');
} else { } else {
validate_host $host, 0; validate_host $host, 0;
} }
@ -741,7 +741,7 @@ sub validate_interfaces_file( $ )
if ( $options ) { if ( $options ) {
my %hostoptions; my %hostoptions = ( dynamic => 0 );
for my $option (split_list1 $options, 'option' ) { for my $option (split_list1 $options, 'option' ) {
next if $option eq '-'; next if $option eq '-';
@ -798,8 +798,14 @@ sub validate_interfaces_file( $ )
# Add all IP to the front of a list if the list begins with '!' # Add all IP to the front of a list if the list begins with '!'
# #
$value = join ',' , ALLIP , $value if $value =~ /^!/; $value = join ',' , ALLIP , $value if $value =~ /^!/;
if ( $value eq 'dynamic' ) {
require_capability( 'IPSET_MATCH', 'Dynamic nets', '');
$value = "+${zone}_${interface}";
$hostoptions{dynamic} = 1;
}
# #
# Convert into a Perl array # Convert into a Perl array reference
# #
$nets = [ split_list $value, 'address' ]; $nets = [ split_list $value, 'address' ];
# #
@ -1075,11 +1081,11 @@ sub validate_hosts_file()
} }
} }
my $optionsref = {}; my $optionsref = { dynamic => 0 };
if ( $options ne '-' ) { if ( $options ne '-' ) {
my @options = split_list $options, 'option'; my @options = split_list $options, 'option';
my %options; my %options = ( dynamic => 0 );
for my $option ( @options ) for my $option ( @options )
{ {
@ -1112,6 +1118,12 @@ sub validate_hosts_file()
# #
$hosts = join( '', ALLIP , $hosts ) if substr($hosts, 0, 2 ) eq ',!'; $hosts = join( '', ALLIP , $hosts ) if substr($hosts, 0, 2 ) eq ',!';
if ( $hosts eq 'dynamic' ) {
require_capability( 'IPSET_MATCH', 'Dynamic nets', '');
$hosts = "+${zone}_${interface}";
$optionsref->{dynamic} = 1;
}
add_group_to_zone( $zone, $type , $interface, [ split_list( $hosts, 'host' ) ] , $optionsref); add_group_to_zone( $zone, $type , $interface, [ split_list( $hosts, 'host' ) ] , $optionsref);
progress_message " Host \"$currentline\" validated"; progress_message " Host \"$currentline\" validated";
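Review bot: The ipset name built in the two `dynamic` branches (`$hosts = "+${zone}_${interface}";` in validate_hosts_file, and the same assignment to `$value` in validate_interfaces_file) is never checked against the pattern add_group_to_zone enforces in the -523 hunk, `/^\+[a-zA-Z]\w*$/`. An interface name containing `.`, `-` or a trailing `+` wildcard would, as far as these hunks show, only be rejected later with "Invalid ipset name", which reports a name the user never wrote. I would fail where the name is constructed and name the interface, e.g. `fatal_error "Interface ($interface) cannot be used with 'dynamic'" unless "${zone}_${interface}" =~ /^[a-zA-Z]\w*$/;`, or map the disallowed characters explicitly. Since membership of a dynamic zone presumably follows the set's contents at run time, a comment above each branch should say that the set must exist and that write access to it amounts to editing the zone. Both functions start and end outside the hunks shown.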