Issue a warning when a rule will be optimized away due to 'destonly'.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-02-17 02:00:57 +01:00 · 2013-05-14 09:30:59 -07:00 · 2013-05-14 09:30:59 -07:00 · a5412cff38
commit a5412cff38
parent 46a6a7b258
2 changed files with 14 additions and 6 deletions
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -2376,8 +2376,17 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
 	#
 	# If we are processing an inline action, we need the source zone for NAT.
 	#
-	$sourceref = find_zone( $chainref->{sourcezone} ) if $chainref->{sourcezone}; 
+	if ( $chainref->{sourcezone} ) { 
 	    $sourceref = find_zone( $chainref->{sourcezone} );
 	    unless ( $wildcard ) {
 		warning_message "The SOURCE in this rule is 'destonly'" if $sourceref->{destonly} && ! $sourceref->{complex};
 	    }
 	}
    } else {
 	unless ( $wildcard ) {
 	    warning_message "The SOURCE zone in this rule is 'destonly'" if $sourceref->{destonly} && ! $sourceref->{complex};
 	}
 	unless ( $actiontype & NATONLY ) {
 	    #
 	    # Check for illegal bridge port rule
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@ -747,8 +747,11 @@ sub add_group_to_zone($$$$$)
    my $zoneref  = $zones{$zone};
    my $zonetype = $zoneref->{type};
-
+    $interfaceref = $interfaces{$interface};
    $zoneref->{interfaces}{$interface} = 1;
    $zoneref->{destonly} ||= $interfaceref->{options}{destonly};
    $interfaceref->{zones}{$zone} = 1;
    my @newnetworks;
    my @exclusions = ();
@ -757,10 +760,6 @@ sub add_group_to_zone($$$$$)
    my $allip    = 0;
    for my $host ( @$networks ) {
 	$interfaceref = $interfaces{$interface};
 	$interfaceref->{zones}{$zone} = 1;
 	$interfaceref->{nets}++;
 	fatal_error "Invalid Host List" unless supplied $host;