holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Change the 'dynamic' zone option to 'dynamic_shared'

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-10-07 09:18:18 -07:00
parent 1df48b46ef
commit 0c9cc4a233
1 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -240,25 +240,25 @@ my %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 , ignore =>
my %validhostoptions; my %validhostoptions;
my %validzoneoptions = ( mss => NUMERIC, my %validzoneoptions = ( mss => NUMERIC,
nomark => NOTHING, nomark => NOTHING,
blacklist => NOTHING, blacklist => NOTHING,
dynamic => NOTHING, dynamic_shared => NOTHING,
strict => NOTHING, strict => NOTHING,
next => NOTHING, next => NOTHING,
reqid => NUMERIC, reqid => NUMERIC,
spi => NUMERIC, spi => NUMERIC,
proto => IPSECPROTO, proto => IPSECPROTO,
mode => IPSECMODE, mode => IPSECMODE,
"tunnel-src" => NETWORK, "tunnel-src" => NETWORK,
"tunnel-dst" => NETWORK, "tunnel-dst" => NETWORK,
); );
use constant { UNRESTRICTED => 1, NOFW => 2 , COMPLEX => 8, IN_OUT_ONLY => 16 }; use constant { UNRESTRICTED => 1, NOFW => 2 , COMPLEX => 8, IN_OUT_ONLY => 16 };
# #
# Hash of options that have their own key in the returned hash. # Hash of options that have their own key in the returned hash.
# #
my %zonekey = ( mss => UNRESTRICTED | COMPLEX , blacklist => NOFW, nomark => NOFW | IN_OUT_ONLY, dynamic => IN_OUT_ONLY ); my %zonekey = ( mss => UNRESTRICTED | COMPLEX , blacklist => NOFW, nomark => NOFW | IN_OUT_ONLY, dynamic_shared => IN_OUT_ONLY );
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,
@ -1251,7 +1251,7 @@ sub process_interface( $$ ) {
if ( $netsref eq 'dynamic' ) { if ( $netsref eq 'dynamic' ) {
my $ipset = $family == F_IPV4 ? "${zone}" : "6_${zone}"; my $ipset = $family == F_IPV4 ? "${zone}" : "6_${zone}";
$ipset = join( '_', $ipset, chain_base1( $physical ) ) unless $zoneref->{options}{in_out}{dynamic}; $ipset = join( '_', $ipset, chain_base1( $physical ) ) unless $zoneref->{options}{in_out}{dynamic_shared};
$netsref = [ "+$ipset" ]; $netsref = [ "+$ipset" ];
$ipsets{$ipset} = 1; $ipsets{$ipset} = 1;
} }
@ -1903,7 +1903,7 @@ sub process_host( ) {
my $set = $family == F_IPV4 ? "${zone}" : "6_${zone}"; my $set = $family == F_IPV4 ? "${zone}" : "6_${zone}";
unless ( $zoneref->{options}{in_out}{dynamic} ) { unless ( $zoneref->{options}{in_out}{dynamic_shared} ) {
my $physical = chain_base1( physical_name $interface ); my $physical = chain_base1( physical_name $interface );
$set = join( '_', $set, $physical ); $set = join( '_', $set, $physical );
} }