extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-04 17:05:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make wildcard/option checks order-independent WRT the options

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-12-23 10:24:08 -08:00
parent 17f4fd7cd2
commit 38de9c1732
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -350,7 +350,7 @@ sub initialize( $$ ) {
arp_ignore => ENUM_IF_OPTION, arp_ignore => ENUM_IF_OPTION,
blacklist => SIMPLE_IF_OPTION + IF_OPTION_HOST, blacklist => SIMPLE_IF_OPTION + IF_OPTION_HOST,
bridge => SIMPLE_IF_OPTION, bridge => SIMPLE_IF_OPTION,
dbl => ENUM_IF_OPTION, dbl => ENUM_IF_OPTION + IF_OPTION_WILDOK,
destonly => SIMPLE_IF_OPTION + IF_OPTION_HOST, destonly => SIMPLE_IF_OPTION + IF_OPTION_HOST,
detectnets => OBSOLETE_IF_OPTION, detectnets => OBSOLETE_IF_OPTION,
dhcp => SIMPLE_IF_OPTION, dhcp => SIMPLE_IF_OPTION,
@ -401,7 +401,7 @@ sub initialize( $$ ) {
%validinterfaceoptions = ( accept_ra => NUMERIC_IF_OPTION, %validinterfaceoptions = ( accept_ra => NUMERIC_IF_OPTION,
blacklist => SIMPLE_IF_OPTION + IF_OPTION_HOST, blacklist => SIMPLE_IF_OPTION + IF_OPTION_HOST,
bridge => SIMPLE_IF_OPTION, bridge => SIMPLE_IF_OPTION,
dbl => ENUM_IF_OPTION, dbl => ENUM_IF_OPTION + IF_OPTION_WILDOK,
destonly => SIMPLE_IF_OPTION + IF_OPTION_HOST, destonly => SIMPLE_IF_OPTION + IF_OPTION_HOST,
dhcp => SIMPLE_IF_OPTION, dhcp => SIMPLE_IF_OPTION,
ignore => NUMERIC_IF_OPTION + IF_OPTION_WILDOK, ignore => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
@ -1276,8 +1276,6 @@ sub process_interface( $$ ) {
my $hostopt = $type & IF_OPTION_HOST; my $hostopt = $type & IF_OPTION_HOST;
my $fulltype = $type;
$type &= MASK_IF_OPTION; $type &= MASK_IF_OPTION;
unless ( $type == BINARY_IF_OPTION && defined $value && $value eq '0' ) { unless ( $type == BINARY_IF_OPTION && defined $value && $value eq '0' ) {
@ -1392,12 +1390,6 @@ sub process_interface( $$ ) {
} else { } else {
warning_message "Support for the $option interface option has been removed from Shorewall"; warning_message "Support for the $option interface option has been removed from Shorewall";
} }
if ( $root ) {
warning_message( "The '$option' option is ignored when used with a wildcard physical name" ), delete $options{$option} if $physwild && $procinterfaceoptions{$option};
} else {
warning_message( "The '$option' option is ignored when used with interface name '+'" ), delete $options{$option} unless $fulltype & IF_OPTION_WILDOK;
}
} }
fatal_error q(The 'required', 'optional' and 'ignore' options are mutually exclusive) fatal_error q(The 'required', 'optional' and 'ignore' options are mutually exclusive)
@ -1418,6 +1410,14 @@ sub process_interface( $$ ) {
$options{ignore} = 0; $options{ignore} = 0;
} }
for my $option ( keys %options ) {
if ( $root ) {
warning_message( "The '$option' option is ignored when used with a wildcard physical name" ), delete $options{$option} if $physwild && $procinterfaceoptions{$option};
} else {
warning_message( "The '$option' option is ignored when used with interface name '+'" ), delete $options{$option} unless $validinterfaceoptions{$option} & IF_OPTION_WILDOK;
}
}
if ( $netsref eq 'dynamic' ) { if ( $netsref eq 'dynamic' ) {
my $ipset = $family == F_IPV4 ? "${zone}" : "6_${zone}"; my $ipset = $family == F_IPV4 ? "${zone}" : "6_${zone}";
$ipset = join( '_', $ipset, var_base1( $physical ) ) unless $zoneref->{options}{in_out}{dynamic_shared}; $ipset = join( '_', $ipset, var_base1( $physical ) ) unless $zoneref->{options}{in_out}{dynamic_shared};