Allow extending a zone defined with nets=

Tom Eastep 2009-08-29 07:20:16 -07:00
parent acfdc7e481
commit 4809314fc1
3 changed files with 11 additions and 8 deletions


@ -597,7 +597,6 @@ sub add_group_to_zone($$$$$)
my $interfaceref; my $interfaceref;
my $zoneref = $zones{$zone}; my $zoneref = $zones{$zone};
my $zonetype = $zoneref->{type}; my $zonetype = $zoneref->{type};
my $ifacezone = $interfaces{$interface}{zone};
$zoneref->{interfaces}{$interface} = 1; $zoneref->{interfaces}{$interface} = 1;
@ -606,8 +605,6 @@ sub add_group_to_zone($$$$$)
my $new = \@newnetworks; my $new = \@newnetworks;
my $switched = 0; my $switched = 0;
$ifacezone = '' unless defined $ifacezone;
for my $host ( @$networks ) { for my $host ( @$networks ) {
$interfaces{$interface}{nets}++; $interfaces{$interface}{nets}++;
@ -622,8 +619,8 @@ sub add_group_to_zone($$$$$)
unless ( $switched ) { unless ( $switched ) {
if ( $type == $zonetype ) { if ( $type == $zonetype ) {
fatal_error "Duplicate Host Group ($interface:$host) in zone $zone" if $ifacezone eq $zone; fatal_error "Duplicate Host Group ($interface:$host) in zone $zone" if $interfaces{$interface}{zone} eq $zone;
$ifacezone = $zone if $host eq ALLIP; $interfaces{$interface}{zone} = $zone if $host eq ALLIP;
} }
} }
@ -885,7 +882,9 @@ sub process_interface( $ ) {
number => $nextinum , number => $nextinum ,
root => $root , root => $root ,
broadcasts => $broadcasts , broadcasts => $broadcasts ,
options => \%options }; options => \%options ,
zone => ''
};
$nets = [ allip ] unless $nets; $nets = [ allip ] unless $nets;
@ -894,8 +893,6 @@ sub process_interface( $ ) {
add_group_to_zone( $zone, $zoneref->{type}, $interface, [ IPv4_MULTICAST ], { destonly => 1 } ) if $hostoptionsref->{multicast}; add_group_to_zone( $zone, $zoneref->{type}, $interface, [ IPv4_MULTICAST ], { destonly => 1 } ) if $hostoptionsref->{multicast};
} }
$interfaces{$interface}{zone} = $zone; #Must follow the call to add_group_to_zone()
progress_message " Interface \"$currentline\" Validated"; progress_message " Interface \"$currentline\" Validated";
return $interface; return $interface;
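Review bot: The duplicate-group test in add_group_to_zone now reads `$interfaces{$interface}{zone}` directly and the `$ifacezone = '' unless defined $ifacezone;` guard is dropped, so the `eq` is only well-defined for entries that process_interface created with `zone => ''`. The `$interfaces{$interface}{nets}++` line just above would autovivify an entry for any interface name that did not go through process_interface, leaving zone undefined; if that path is reachable (not visible here), keep the guard, e.g. `... if defined $interfaces{$interface}{zone} && $interfaces{$interface}{zone} eq $zone;`. Separately, with the unconditional `$interfaces{$interface}{zone} = $zone;` removed from process_interface, an interface declared with nets= now keeps zone `''`. That looks intended, but since this field presumably feeds zone-based policy, other readers of it should be checked for the empty value. A comment on the initializer such as `# set by add_group_to_zone() only when the group is ALLIP` would document it. Both function bodies extend beyond the hunks shown.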


@ -22,6 +22,8 @@ Changes in Shorewall 4.4.1
11) Allow multicast to non-dynamic zones with nets=. 11) Allow multicast to non-dynamic zones with nets=.
12) Allow zones with nets= to be extended by /etc/shorewall/hosts entries.
Changes in Shorewall 4.4.0 Changes in Shorewall 4.4.0
1) Fix 'compile ... -' so that it no longer requires '-v-1' 1) Fix 'compile ... -' so that it no longer requires '-v-1'


@ -180,6 +180,10 @@ Shorewall 4.4.1
one-interface sample configuration since forwarding is typically one-interface sample configuration since forwarding is typically
not required with only a single interface. not required with only a single interface.
4) Previously, the definition of a that specified nets= in
/etc/shorewall/interfaces could not be extended by entries in
/etc/shorewall/hosts.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
K N O W N P R O B L E M S R E M A I N I N G K N O W N P R O B L E M S R E M A I N I N G
---------------------------------------------------------------------------- ----------------------------------------------------------------------------