From ef44b4741a9fc0046d27b50223ff68efd63e05e1 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sun, 6 May 2007 15:43:30 +0000
Subject: [PATCH] Fix more exclusion problems in hosts file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6255 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Hosts.pm | 6 +++++-
 Shorewall-perl/Shorewall/Interfaces.pm | 1 -
 Shorewall-perl/Shorewall/Rules.pm | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/Shorewall-perl/Shorewall/Hosts.pm b/Shorewall-perl/Shorewall/Hosts.pm
index 018ac6abf..b222c9a6d 100644
--- a/Shorewall-perl/Shorewall/Hosts.pm
+++ b/Shorewall-perl/Shorewall/Hosts.pm
@@ -114,7 +114,11 @@ sub validate_hosts_file()
 #
 # Now add a comma before '!'. Do it globally - add_group_to_zone() correctly checks for multiple exclusions
 #
- $hosts =~ s/!/,!/g;
+ if ( substr($hosts, 0, 1 ) eq '!' ) {
+ $hosts = join( '', ALLIPv4 , ',', $hosts );
+ } else {
+ $hosts =~ s/!/,!/g
+ }
 add_group_to_zone( $zone, $type , $interface, [ split( ',', $hosts ) ] , $optionsref);
diff --git a/Shorewall-perl/Shorewall/Interfaces.pm b/Shorewall-perl/Shorewall/Interfaces.pm
index b736f8565..c1abf85c7 100644
--- a/Shorewall-perl/Shorewall/Interfaces.pm
+++ b/Shorewall-perl/Shorewall/Interfaces.pm
@@ -81,7 +81,6 @@ sub add_group_to_zone($$$$$)
 $ifacezone = '' unless defined $ifacezone;
 for my $host ( @$networks ) {
- next unless $host;
 if ( substr( $host, 0, 1 ) eq '!' ) {
 fatal_error "Only one exclusion allowed in a host list" if $switched;
 $switched = 1;
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index e7bbba973..639bfa00a 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
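Review bot: In the new `if` branch of the Hosts.pm hunk, a host list that starts with `!` only gets `ALLIPv4,` prepended, so any later `!` in the same entry is no longer preceded by a comma and stays fused to the previous element after `split`; the comment just above still says the substitution is done globally so that add_group_to_zone() can reject multiple exclusions. Keeping the substitution unconditional preserves that check: `$hosts = join( '', ALLIPv4, $hosts ) if substr( $hosts, 0, 1 ) eq '!';` followed by the original `$hosts =~ s/!/,!/g;`. Separately, the `else` branch can still yield an empty list element when an entry already has a comma before `!`, and this commit also drops `next unless $host;` from add_group_to_zone() in Interfaces.pm, so such an element now reaches code outside the visible hunks; in a firewall compiler it would be safer to reject it with `fatal_error` than to let it through. validate_hosts_file() starts and ends outside this hunk.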
@@ -1608,7 +1608,7 @@ sub generate_matrix() {
 } elsif ( $chain =~ /2all$/ ) {
 my $chain1 = $policy_exclusions{"${chain}_${zone1}"};
- unless ( $chain ) {
+ unless ( $chain1 ) {
 $chain1 = newexclusionchain;
 $policy_exclusions{"${chain}_${zone1}"} = $chain1;
 my $chain1ref = ensure_filter_chain $chain1, 0;
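Review bot: The lookup and the store each rebuild the key `"${chain}_${zone1}"` by hand, and the bug fixed here was a one-character name mix-up in exactly this cache check; a local `my $key = "${chain}_${zone1}";` used for both `$policy_exclusions{$key}` accesses would keep the two in sync. A one-line comment such as `# one exclusion chain per policy chain and zone, created on first use` would also help the next reader, though that reading is inferred from the visible lines only. The `unless` block continues past the end of the hunk.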