extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 04:04:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make zones with 'mss' complex.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-09-27 13:57:56 -07:00
parent 489364a1a0
commit 75d50d126c
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -310,11 +310,11 @@ sub parse_zone_option_list($$\$)
"tunnel-dst" => NETWORK, "tunnel-dst" => NETWORK,
); );
use constant { UNRESTRICTED => 1, NOFW => 2 }; use constant { UNRESTRICTED => 1, NOFW => 2 , COMPLEX => 8 };
# #
# Hash of options that have their own key in the returned hash. # Hash of options that have their own key in the returned hash.
# #
my %key = ( mss => UNRESTRICTED , blacklist => NOFW ); my %key = ( mss => UNRESTRICTED | COMPLEX , blacklist => NOFW );
my ( $list, $zonetype, $complexref ) = @_; my ( $list, $zonetype, $complexref ) = @_;
my %h; my %h;
@ -346,8 +346,11 @@ sub parse_zone_option_list($$\$)
fatal_error "Invalid value ($val) for option \"$e\"" unless $val =~ /^($fmt)$/; fatal_error "Invalid value ($val) for option \"$e\"" unless $val =~ /^($fmt)$/;
} }
if ( $key{$e} ) { my $key = $key{$e};
fatal_error "Option '$e' not permitted with this zone type " if $key{$e} == NOFW && ($zonetype == FIREWALL || $zonetype == VSERVER);
if ( $key ) {
fatal_error "Option '$e' not permitted with this zone type " if $key & NOFW && ($zonetype == FIREWALL || $zonetype == VSERVER);
$$complexref = 1 if $key & COMPLEX;
$h{$e} = $val || 1; $h{$e} = $val || 1;
} else { } else {
fatal_error "The \"$e\" option may only be specified for ipsec zones" unless $zonetype == IPSEC; fatal_error "The \"$e\" option may only be specified for ipsec zones" unless $zonetype == IPSEC;