extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-03 03:19:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix dynamic zone fiasco

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6352 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-05-14 23:14:30 +00:00
parent 37a5edb43a
commit 89d8afe45c
3 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall-common/lib.dynamiczones
View File

@ -187,6 +187,7 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
for h in $dest_hosts; do for h in $dest_hosts; do
iface=${h%%:*} iface=${h%%:*}
iface=${iface#+}
hosts=${h#*:} hosts=${h#*:}
if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then
@ -206,6 +207,7 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
for h in $source_hosts; do for h in $source_hosts; do
iface=${h%%:*} iface=${h%%:*}
iface=${iface#+}
hosts=${h#*:} hosts=${h#*:}
if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then
@ -374,6 +376,7 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
for h in $dest_hosts; do for h in $dest_hosts; do
iface=${h%%:*} iface=${h%%:*}
iface=${iface#+}
hosts=${h#*:} hosts=${h#*:}
if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then
@ -390,6 +393,7 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
for h in $source_hosts; do for h in $source_hosts; do
iface=${h%%:*} iface=${h%%:*}
iface=${iface#+}
hosts=${h#*:} hosts=${h#*:}
if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then

4
Shorewall-perl/Shorewall/Rules.pm
View File

@ -1420,6 +1420,7 @@ sub generate_matrix() {
add_rule $in_ref , "-i $interface -s $net -j RETURN"; add_rule $in_ref , "-i $interface -s $net -j RETURN";
add_rule $out_ref , "-i $interface -s $net -j RETURN"; add_rule $out_ref , "-i $interface -s $net -j RETURN";
} }
}
if ( $capabilities{POLICY_MATCH} ) { if ( $capabilities{POLICY_MATCH} ) {
my $type = $zoneref->{type}; my $type = $zoneref->{type};
@ -1427,7 +1428,7 @@ sub generate_matrix() {
if ( $config{DYNAMIC_ZONES} ) { if ( $config{DYNAMIC_ZONES} ) {
no warnings; no warnings;
create_zone_dyn_chain $zone, $frwd_ref if (%$source_ref || $type ne 'ipsec4' ); create_zone_dyn_chain $zone, $frwd_ref if (%$source_ref || $type eq 'ipsec4' );
} }
for my $interface ( keys %$source_ref ) { for my $interface ( keys %$source_ref ) {
@ -1443,7 +1444,6 @@ sub generate_matrix() {
} }
} }
} }
}
# #
# Main source-zone matrix-generation loop # Main source-zone matrix-generation loop
# #