extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-18 20:30:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add 'dynamic' zone option.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-10-06 07:21:49 -07:00
parent 25c445830b
commit afaba46aa3
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -243,6 +243,7 @@ my %validhostoptions;
my %validzoneoptions = ( mss => NUMERIC, my %validzoneoptions = ( mss => NUMERIC,
nomark => NOTHING, nomark => NOTHING,
blacklist => NOTHING, blacklist => NOTHING,
dynamic => NOTHING,
strict => NOTHING, strict => NOTHING,
next => NOTHING, next => NOTHING,
reqid => NUMERIC, reqid => NUMERIC,
@ -257,7 +258,7 @@ use constant { UNRESTRICTED => 1, NOFW => 2 , COMPLEX => 8, IN_OUT_ONLY => 16 };
# #
# Hash of options that have their own key in the returned hash. # Hash of options that have their own key in the returned hash.
# #
my %zonekey = ( mss => UNRESTRICTED | COMPLEX , blacklist => NOFW, nomark => NOFW | IN_OUT_ONLY ); my %zonekey = ( mss => UNRESTRICTED | COMPLEX , blacklist => NOFW, nomark => NOFW | IN_OUT_ONLY, dynamic => IN_OUT_ONLY );
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,
@ -403,7 +404,7 @@ sub parse_zone_option_list($$\$$)
if ( $key ) { if ( $key ) {
fatal_error "Option '$e' not permitted with this zone type " if $key & NOFW && ($zonetype & ( FIREWALL | VSERVER) ); fatal_error "Option '$e' not permitted with this zone type " if $key & NOFW && ($zonetype & ( FIREWALL | VSERVER) );
fatal_error "Opeion '$e' is only permitted in the OPTIONS columns" if $key & IN_OUT_ONLY && $column != IN_OUT; fatal_error "Option '$e' is only permitted in the OPTIONS columns" if $key & IN_OUT_ONLY && $column != IN_OUT;
$$complexref = 1 if $key & COMPLEX; $$complexref = 1 if $key & COMPLEX;
$h{$e} = $val || 1; $h{$e} = $val || 1;
} else { } else {
@ -661,7 +662,7 @@ sub zone_report()
unless ( $printed ) { unless ( $printed ) {
fatal_error "No bridge has been associated with zone $zone" if $type & BPORT && ! $zoneref->{bridge}; fatal_error "No bridge has been associated with zone $zone" if $type & BPORT && ! $zoneref->{bridge};
warning_message "*** $zone is an EMPTY ZONE ***" unless $type == FIREWALL; warning_message "*** $zone is an EMPTY ZONE ***" unless $type == FIREWALL || $zoneref->{options}{in_out}{dynamic};
} }
} }