mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-28 00:59:07 +01:00
Disallow ipsec zones nested within an ip zone
This commit is contained in:
parent
19736bcdbd
commit
8d8920e7ad
@ -376,6 +376,12 @@ sub process_zone( \$ ) {
|
||||
} else {
|
||||
fatal_error "Invalid zone type ($type)" ;
|
||||
}
|
||||
|
||||
if ( $type eq IPSEC ) {
|
||||
for ( @parents ) {
|
||||
fatal_error "Parent zone $_ is not an IPSEC Zone" unless $zones{$_}{type} eq IPSEC;
|
||||
}
|
||||
}
|
||||
|
||||
for ( $options, $in_options, $out_options ) {
|
||||
$_ = '' if $_ eq '-';
|
||||
|
@ -6,6 +6,8 @@ Changes in Shorewall 4.4.0-RC2
|
||||
|
||||
3) Make 'any' a reserved zone name.
|
||||
|
||||
4) Issue a warning if an ipsec zone is nested in a non-ipsec zone.
|
||||
|
||||
Changes in Shorewall 4.4.0-RC1
|
||||
|
||||
1) Delete duplicate Git macro.
|
||||
|
@ -121,6 +121,9 @@ Shorewall 4.4.0 RC2
|
||||
3) 'any' is now a reserved name. In RC1, 'any' could be defined as the
|
||||
name of a zone.
|
||||
|
||||
4) Previously, an IPSEC zone could be defined as a sub-zone of a
|
||||
non-IPSEC zone. This invalid definition is now flagged with an error.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
K N O W N P R O B L E M S R E M A I N I N G
|
||||
----------------------------------------------------------------------------
|
||||
|
Loading…
Reference in New Issue
Block a user