From a623dc28aad132674ed4cf42461d75c90e6a48f6 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 29 Aug 2009 07:27:32 -0700
Subject: [PATCH] Apply nets= fix to 4.4.0
---
 Shorewall/Perl/Shorewall/Zones.pm | 13 +++++--------
 Shorewall/changelog.txt | 2 ++
 Shorewall/known_problems.txt | 4 ++++
 Shorewall/releasenotes.txt | 6 +++++-
 4 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 4962b6d1b..cf8bdd0b1 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -601,7 +601,6 @@ sub add_group_to_zone($$$$$)
 my $interfaceref;
 my $zoneref = $zones{$zone};
 my $zonetype = $zoneref->{type};
- my $ifacezone = $interfaces{$interface}{zone};
 $zoneref->{interfaces}{$interface} = 1;
@@ -610,8 +609,6 @@ sub add_group_to_zone($$$$$)
 my $new = \@newnetworks;
 my $switched = 0;
- $ifacezone = '' unless defined $ifacezone;
-
 for my $host ( @$networks ) {
 $interfaces{$interface}{nets}++;
@@ -626,8 +623,8 @@ sub add_group_to_zone($$$$$)
 unless ( $switched ) {
 if ( $type == $zonetype ) {
- fatal_error "Duplicate Host Group ($interface:$host) in zone $zone" if $ifacezone eq $zone;
- $ifacezone = $zone if $host eq ALLIP;
+ fatal_error "Duplicate Host Group ($interface:$host) in zone $zone" if $interfaces{$interface}{zone} eq $zone;
+ $interfaces{$interface}{zone} = $zone if $host eq ALLIP;
 }
 }
@@ -887,14 +884,14 @@ sub process_interface( $ ) {
 number => $nextinum ,
 root => $root ,
 broadcasts => $broadcasts ,
- options => \%options };
+ options => \%options ,
+ zone => ''
+ };
 $nets = [ allip ] unless $nets;
 add_group_to_zone( $zone, $zoneref->{type}, $interface, $nets, $hostoptionsref ) if $zone;
- $interfaces{$interface}{zone} = $zone; #Must follow the call to add_group_to_zone()
-
 progress_message " Interface \"$currentline\" Validated";
 return $interface;
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index e5de7b4e9..604be7cc1 100644
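Review bot: The rewritten duplicate check `if $interfaces{$interface}{zone} eq $zone` assumes every interface record already carries a `zone` key; the `$ifacezone = '' unless defined $ifacezone;` guard dropped in the previous hunk was what covered a missing one, and under `use warnings` an `eq` against undef emits an uninitialized-value warning instead of a clean comparison. process_interface() initializes `zone => ''` in this commit, so the visible path is fine, but any other code that creates an `$interfaces{$interface}` record (not visible here) would now surface at this line. Keeping the guard in its new form, `$interfaces{$interface}{zone} = '' unless defined $interfaces{$interface}{zone};` before the `for my $host` loop, closes that gap cheaply. add_group_to_zone() begins and ends outside this hunk.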
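Review bot: The new `zone => ''` entry is undocumented although it is now the only initialization of a key that add_group_to_zone() overwrites (`$interfaces{$interface}{zone} = $zone if $host eq ALLIP;` in the preceding hunk), and the removed `#Must follow the call to add_group_to_zone()` comment was the only record of the ordering the code must still respect: the record has to be stored before that call. Suggest `zone => '' , # '' until add_group_to_zone() sees an ALLIP group`. The trailing comma also matches the ` ,` ending every other entry, so the next key added does not touch this line. process_interface() and the hash constructor closed by the new `};` both begin before this hunk.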
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -3,6 +3,8 @@ Changes in Shorewall 4.4.0.2
 1) Fix MULTICAST=Yes and ACCEPT policy.
+2) Allow extension of zone definition with nets=.
+
 Changes in Shorewall 4.4.0.1
 1) Updated release versions.
diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt
index 76ffa0192..b2fee380a 100644
--- a/Shorewall/known_problems.txt
+++ b/Shorewall/known_problems.txt
@@ -20,3 +20,7 @@ This problem was corrected in Shorewall 4.4.0.2.
+4) If a zone is defined with nets= in /etc/shorewall/zones, that
+ definition cannot be extended by entries in /etc/shorewall/hosts.
+
+ This problem was corrected in Shorewall 4.4.0.2.
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 146946a2e..32462d684 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -160,7 +160,11 @@ Shorewall 4.4.0 patch release 1.
 1) If MULTICAST=Yes in shorewall.conf, then multicast traffic was excluded from ACCEPT policies.
-----------------------------------------------------------------------------
+2) If a zone was defined with nets= in /etc/shorewall/zones, that
+ definition could not be extended by entries in
+ /etc/shorewall/hosts.
+
+ ----------------------------------------------------------------------------
 P R O B L E M S C O R R E C T E D I N 4 . 4 . 0 . 1
 ----------------------------------------------------------------------------