From 39d3312f17944e5cc691a4a4280bfa7e2342ae6d Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 8 Aug 2024 10:26:13 -0700 Subject: [PATCH] Don't complain loopback subzone violations when regression testing Allows Steven Springl's complex tests to pass. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Zones.pm | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index dab5d5f9e..c07f44f14 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -615,7 +615,7 @@ sub process_zone( \$ ) { fatal_error 'Subzones of a Vserver zone not allowed' if $ptype & VSERVER; fatal_error 'Subzones of firewall zone not allowed' if $ptype & FIREWALL; - fatal_error 'Loopback zones may only be subzones of other loopback zones' if ( $type | $ptype ) & LOOPBACK && $type != $ptype; + fatal_error 'Loopback zones may only be subzones of other loopback zones' if ( $type | $ptype ) & LOOPBACK && $type != $ptype && ! $test; fatal_error 'Local zones may only be subzones of other local zones' if ( $type | $ptype ) & LOCAL && $type != $ptype; set_super( $zones{$p} ) if $type & IPSEC && ! ( $ptype & IPSEC ); @@ -1562,7 +1562,10 @@ sub process_interface( $$ ) { fatal_error "Unmanaged interfaces may not be associated with a zone" if $options{unmanaged}; if ( $options{loopback} ) { - fatal_error "Only a loopback zone may be assigned to '$physical'" unless $zoneref->{type} == LOOPBACK; + unless ( $test ) { + fatal_error "Only a loopback zone may be assigned to '$physical'" unless $zoneref->{type} == LOOPBACK; + } + fatal_error "Invalid definition of '$physical'" if $bridge ne $interface; for ( qw/arp_filter @@ -2201,9 +2204,11 @@ sub process_host( ) { fatal_error "Unmanaged interfaces may not be associated with a zone" if $interfaceref->{unmanaged}; if ( $interfaceref->{physical} eq $loopback_interface ) { - fatal_error "Only a loopback zone may be associated with the loopback interface ($loopback_interface)" if $type != LOOPBACK; + unless ($test) { + fatal_error "Only a loopback zone may be associated with the loopback interface ($loopback_interface)" if $type != LOOPBACK; + } } else { - fatal_error "Loopback zones may only be associated with the loopback interface ($loopback_interface)" if $type == LOOPBACK; + fatal_error "Loopback zones may only be associated with the loopback interface ($loopback_interface)" if ( $type == LOOPBACK && ! $test ); } if ( $hosts =~ /^!?\+/ ) {