From 5b11cc9e6ee2ec7f3355c89a240f0eb772c87d85 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 6 Jun 2007 23:40:40 +0000
Subject: [PATCH] Catch invalid policies

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6477 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Policy.pm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl/Shorewall/Policy.pm
index ebcb153eb..9efbef339 100644
--- a/Shorewall-perl/Shorewall/Policy.pm
+++ b/Shorewall-perl/Shorewall/Policy.pm
@@ -185,6 +185,13 @@ sub validate_policy()
 if ( $zones{$client}{type} eq 'firewall' ) || ( $zones{$server}{type} eq 'firewall' );
 }
+ unless ( $clientwild || $serverwild ) {
+ if ( $zones{$server}{type} eq 'bport4' ) {
+ fatal_error "Invalid policy - DEST zone is a Bridge Port zone but the SOURCE zone is not associated with the same bridge"
+ unless $zones{$client}{bridge} eq $zones{$server}{bridge};
+ }
+ }
+
 my $chain = "${client}2${server}";
 my $chainref;
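Review bot: The comparison `$zones{$client}{bridge} eq $zones{$server}{bridge}` in the added `unless` modifier assumes every zone hash carries a defined `bridge` value; if a non-bridge SOURCE zone leaves it undefined, the policy is still rejected, but only after an "uninitialized value" warning under `use warnings` that obscures the real diagnostic. A guard such as `unless ( $zones{$client}{bridge} || '' ) eq $zones{$server}{bridge};` keeps the result and drops the noise; confirm against how the zone table is populated, which this hunk does not show. The whole check is also skipped when either side is a wildcard (`$clientwild || $serverwild`), so a comment should state where wildcard-expanded SOURCE/DEST pairs with a `bport4` DEST are rejected or skipped, since otherwise an `all` policy may silently cover a pair that an explicit policy would refuse. The body of `validate_policy` starts before and continues after this hunk.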