From e626b7709786fa53cc2078e50a0213083242ada0 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 21 Feb 2019 09:31:13 -0800
Subject: [PATCH] Correct policy zone exclusion handling

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Rules.pm | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 35d093f01..5793a8d5f 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -836,11 +836,15 @@ sub process_a_policy() {
 
     my ( $intrazone, $clientlist, $serverlist );
 
-    if ( $clientlist = ( $clients =~ /,/ ) ) {
+    if ( $clients =~ /^all(\+)?!/ ) {
+	$intrazone = $1;
+    } elsif ( $clientlist = ( $clients =~ /,/ ) ) {
 	$intrazone = ( $clients =~ s/\+$// );
     }
 
-    if ( $serverlist = ( $servers =~ /,/ ) ) {
+    if ( $servers =~ /^all(\+)?!/ ) {
+	$intrazone = $1;
+    } elsif ( $serverlist = ( $servers =~ /,/ ) ) {
 	$intrazone ||= ( $servers =~ s/\+$// );
     }	
 
@@ -857,7 +861,7 @@ sub process_a_policy() {
 	    }
 	}
     } else {
-	process_a_policy1( $clients, $servers, $policy, $loglevel, $synparams, $connlimit, 0 );
+	process_a_policy1( $clients, $servers, $policy, $loglevel, $synparams, $connlimit, $intrazone );
     }
 }