extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-16 11:20:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't use policy match if there are no IPSEC zones or host groups

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5595 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-20 14:15:11 +00:00
parent ee77f5b8d8
commit 6f114931bf
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
New/Shorewall/Hosts.pm
View File

@ -50,6 +50,8 @@ sub validate_hosts_file()
tcpflags => 1, tcpflags => 1,
); );
my $ipsec = 0;
open HOSTS, "$ENV{TMP_DIR}/hosts" or fatal_error "Unable to open stripped hosts file: $!"; open HOSTS, "$ENV{TMP_DIR}/hosts" or fatal_error "Unable to open stripped hosts file: $!";
while ( $line = <HOSTS> ) { while ( $line = <HOSTS> ) {
@ -89,6 +91,7 @@ sub validate_hosts_file()
if ( $option eq 'ipsec' ) { if ( $option eq 'ipsec' ) {
$type = 'ipsec'; $type = 'ipsec';
$zoneref->{options}{complex} = 1; $zoneref->{options}{complex} = 1;
$ipsec = 1;
} elsif ( $validoptions{$option}) { } elsif ( $validoptions{$option}) {
$options{$option} = 1; $options{$option} = 1;
} else { } else {
@ -107,6 +110,8 @@ sub validate_hosts_file()
} }
close HOSTS; close HOSTS;
$capabilities{POLICY_MATCH} = '' unless $ipsec or $zones{ipsec};
} }
# #
# Returns a reference to a array of host entries. Each entry is a # Returns a reference to a array of host entries. Each entry is a