Fix some bugs

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6476 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-06 23:39:27 +00:00
parent 4da98d2bb2
commit b591068603
4 changed files with 26 additions and 26 deletions


@ -151,8 +151,10 @@ sub get_routed_networks ( $$ ) {
# Parse the interfaces file. # Parse the interfaces file.
# #
sub validate_interfaces_file() sub validate_interfaces_file( $ )
{ {
my $export = shift;
use constant { SIMPLE_IF_OPTION => 1, use constant { SIMPLE_IF_OPTION => 1,
BINARY_IF_OPTION => 2, BINARY_IF_OPTION => 2,
ENUM_IF_OPTION => 3, ENUM_IF_OPTION => 3,
@ -230,7 +232,6 @@ sub validate_interfaces_file()
} }
} }
$interfaces{$interface}{ports}++;
$interfaces{$port}{bridge} = $bridge = $interface; $interfaces{$port}{bridge} = $bridge = $interface;
$interface = $port; $interface = $port;
} else { } else {
@ -318,10 +319,11 @@ sub validate_interfaces_file()
my @networks; my @networks;
if ( $options{detectnets} ) { if ( $options{detectnets} ) {
fatal_error "'detectnets' not allowed with multi-zone interface" unless $zone; fatal_error "The 'detectnets' option is not allowed with multi-zone interface" unless $zone;
fatal_error "The 'detectnets' option may not be used with a wild-card interface name" if $wildcard; fatal_error "The 'detectnets' option may not be used with a wild-card interface name" if $wildcard;
fatal_error "The 'detectnets' option may not be used with the '-e' compiler option" if $export;
@networks = get_routed_networks( $interface, 'detectnets not allowed on interface with default route' ); @networks = get_routed_networks( $interface, 'detectnets not allowed on interface with default route' );
fatal_error "No routes through 'detectnets' interface $interface" unless @networks || $options{optional}; fatal_error "No routes found through 'detectnets' interface $interface" unless @networks || $options{optional};
} else { } else {
@networks = @allipv4; @networks = @allipv4;
} }
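Review bot: The new `-e` guard on the 'detectnets' line states the restriction but not the reason, and nothing in the hunk explains why export mode is incompatible; a comment above the three fatal_error checks would save the next reader a trip into get_routed_networks, e.g. `# detectnets derives the zone's networks from the routing table at compile time, so it cannot be honoured when compiling for another host (-e)`. That wording assumes get_routed_networks consults the compiling host's routes, which the 'No routes found' message suggests but whose body is outside this hunk — confirm before adopting it. Note also that when the interface is marked 'optional' and no routes are found, @networks stays empty and processing continues; whether later code handles an empty network list safely for a detectnets interface is not visible here. validate_interfaces_file continues past the end of this hunk.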


@ -757,7 +757,7 @@ sub setup_mac_lists( $ ) {
add_rule $filter_table->{$chain} , "${source}-m state --state NEW ${policy}-j $target"; add_rule $filter_table->{$chain} , "${source}-m state --state NEW ${policy}-j $target";
} }
} else { } else {
add_rule $mangle_table->{PREROUTING}, match_source_interface( $interface ) . "${source}-m state --state NEW ${policy}-j $target"; add_rule $mangle_table->{PREROUTING}, match_source_dev( $interface ) . "${source}-m state --state NEW ${policy}-j $target";
} }
} }
} else { } else {
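Review bot: Both add_rule calls in this hunk build the same rule tail `"${source}-m state --state NEW ${policy}-j $target"`, and that text only yields a valid iptables command line if `$source` and `$policy` are either empty or end in a space, a contract not stated anywhere visible. Hoisting the tail into one variable, `my $rule = "${source}-m state --state NEW ${policy}-j $target";`, and passing `$rule` to both calls removes the duplication and is the natural place for a comment such as `# $source and $policy carry their own trailing space when non-empty`. The trailing-space convention is inferred from the string layout; the code that builds those two variables is outside this hunk, as is the rest of setup_mac_lists.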


@ -221,29 +221,23 @@ sub determine_zones()
fatal_error "Invalid zone name: $zone" if $reservedName{$zone} || $zone =~ /^all2|2all$/; fatal_error "Invalid zone name: $zone" if $reservedName{$zone} || $zone =~ /^all2|2all$/;
fatal_error( "Duplicate zone name: $zone\n" ) if $zones{$zone}; fatal_error( "Duplicate zone name: $zone\n" ) if $zones{$zone};
my $zoneref = $zones{$zone} = {};
$zoneref->{parents} = \@parents;
$zoneref->{exclusions} = [];
$zoneref->{bridge} = '';
$type = "ipv4" unless $type; $type = "ipv4" unless $type;
if ( $type =~ /ipv4/i ) { if ( $type =~ /ipv4/i ) {
$zoneref->{type} = 'ipv4'; $type = 'ipv4';
} elsif ( $type =~ /^ipsec4?$/i ) { } elsif ( $type =~ /^ipsec4?$/i ) {
$zoneref->{type} = 'ipsec4'; $type = 'ipsec4';
} elsif ( $type =~ /^bport4?$/i ) { } elsif ( $type =~ /^bport4?$/i ) {
warning_message "Bridge Port zones should have a parent zone" unless @parents; warning_message "Bridge Port zones should have a parent zone" unless @parents;
$zoneref->{type} = 'bport4'; $type = 'bport4';
} elsif ( $type eq 'firewall' ) { } elsif ( $type eq 'firewall' ) {
fatal_error 'Firewall zone may not be nested' if @parents; fatal_error 'Firewall zone may not be nested' if @parents;
fatal_error "Only one firewall zone may be defined: $zone" if $firewall_zone; fatal_error "Only one firewall zone may be defined: $zone" if $firewall_zone;
$firewall_zone = $zone; $firewall_zone = $zone;
$ENV{FW} = $zone; $ENV{FW} = $zone;
$zoneref->{type} = "firewall"; $type = "firewall";
} elsif ( $type eq '-' ) { } elsif ( $type eq '-' ) {
$type = $zoneref->{type} = 'ipv4'; $type = 'ipv4';
} else { } else {
fatal_error "Invalid zone type ($type)" ; fatal_error "Invalid zone type ($type)" ;
} }
@ -254,16 +248,20 @@ sub determine_zones()
$in_options = '' if $in_options eq '-'; $in_options = '' if $in_options eq '-';
$out_options = '' if $out_options eq '-'; $out_options = '' if $out_options eq '-';
$zone_hash{in_out} = parse_zone_option_list( $options || '', $zoneref->{type} ); $zone_hash{in_out} = parse_zone_option_list( $options || '', $type );
$zone_hash{in} = parse_zone_option_list( $in_options || '', $zoneref->{type} ); $zone_hash{in} = parse_zone_option_list( $in_options || '', $type );
$zone_hash{out} = parse_zone_option_list( $out_options || '', $zoneref->{type} ); $zone_hash{out} = parse_zone_option_list( $out_options || '', $type );
$zone_hash{complex} = ($zoneref->{type} eq 'ipsec4' || $options || $in_options || $out_options ? 1 : 0); $zone_hash{complex} = ($type eq 'ipsec4' || $options || $in_options || $out_options ? 1 : 0);
$zoneref->{options} = \%zone_hash;
$zoneref->{interfaces} = {};
$zoneref->{children} = [];
$zoneref->{hosts} = {};
$zones{$zone} = { type => $type,
parents => \@parents,
exclusions => [],
bridge => '',
options => \%zone_hash,
interfaces => {} ,
children => [] ,
hosts => {}
};
push @z, $zone; push @z, $zone;
} }
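Review bot: The type dispatch that now feeds `$type` straight into the `$zones{$zone}` constructor still accepts any type string containing `ipv4` as a substring (`$type =~ /ipv4/i`), while the neighbouring branches are anchored (`/^ipsec4?$/i`, `/^bport4?$/i`) and the firewall branch is an exact, case-sensitive `eq`; a typo such as `ipv4x` is therefore silently treated as ipv4 instead of reaching the `Invalid zone type` error. Anchoring it as `} elsif ( $type =~ /^ipv4$/i ) {` makes the check consistent with its siblings. Tightening it could reject zone files that relied on the loose match, so it would be worth a release-note line. determine_zones begins before this hunk and continues after it.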


@ -691,7 +691,7 @@ sub compiler( $ ) {
# #
# Process the interfaces file. # Process the interfaces file.
# #
validate_interfaces_file; validate_interfaces_file ( $export );
# #
# Process the hosts file. # Process the hosts file.
# #