Disallow mss and blacklist on firewall and vserver zones

Tom Eastep 2010-09-17 12:46:38 -07:00
parent 330afe1701
commit ab78aac3a4


@ -309,10 +309,12 @@ sub parse_zone_option_list($$)
"tunnel-src" => NETWORK,
"tunnel-dst" => NETWORK,
);
use constant { UNRESTRICTED => 1, NOFW => 2 };
#
# Hash of options that have their own key in the returned hash.
#
my %key = ( mss => 1 , blacklist => 'blacklist' );
my %key = ( mss => NOFW , blacklist => NOFW );
my ( $list, $zonetype ) = @_;
my %h;
@ -345,6 +347,7 @@ sub parse_zone_option_list($$)
}
if ( $key{$e} ) {
fatal_error "Option '$e' not permitted with this zone type " if $key{$e} == NOFW && ($zonetype == FIREWALL || $zonetype == VSERVER);
$h{$e} = $val || 1;
} else {
fatal_error "The \"$e\" option may only be specified for ipsec zones" unless $zonetype == IPSEC;
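Review bot: The comment above `%key` in the first hunk still says only that these options get their own key in the returned hash, but the values now carry a restriction class that the new `fatal_error` check in the second hunk compares with `== NOFW`. I would extend it to something like `# Hash of options that have their own key in the returned hash; the value is the restriction class (NOFW = rejected on firewall and vserver zones).` `UNRESTRICTED` is declared but not used in the visible lines, and `use constant` is package-scoped even though it appears inside `parse_zone_option_list`, so it may read better beside the file's other constants if those are declared at file level (not visible here). The new error message also ends with a stray space before the closing quote. The sub's body starts and ends outside both hunks.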