From 27433b33e5582ad3619de98aacd14f49f5af80e7 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Sun, 22 Apr 2007 14:50:19 +0000
Subject: [PATCH] Fix 'routeback' on multi-zone interface

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6060 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Interfaces.pm | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/Shorewall-perl/Shorewall/Interfaces.pm b/Shorewall-perl/Shorewall/Interfaces.pm
index 47ec926ff..cbe1f2f61 100644
--- a/Shorewall-perl/Shorewall/Interfaces.pm
+++ b/Shorewall-perl/Shorewall/Interfaces.pm
@@ -147,9 +147,12 @@ sub get_routed_networks ( $$ ) {
 
 sub validate_interfaces_file()
 {
-    use constant { SIMPLE_IF_OPTION  => 1,
-		   BINARY_IF_OPTION  => 2,
-		   ENUM_IF_OPTION    => 3 };
+    use constant { SIMPLE_IF_OPTION   => 1,
+		   BINARY_IF_OPTION   => 2,
+		   ENUM_IF_OPTION     => 3, 
+	           MASK_IF_OPTION     => 3,
+	           
+	           IF_OPTION_ZONEONLY => 4 };
 
     my %validoptions = (arp_filter  => BINARY_IF_OPTION,
 			arp_ignore  => ENUM_IF_OPTION,
@@ -162,7 +165,7 @@ sub validate_interfaces_file()
 			nosmurfs    => SIMPLE_IF_OPTION,
 			optional    => SIMPLE_IF_OPTION,
 			proxyarp    => BINARY_IF_OPTION,
-			routeback   => SIMPLE_IF_OPTION,
+			routeback   => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY,
 			routefilter => BINARY_IF_OPTION,
 			sourceroute => BINARY_IF_OPTION,
 			tcpflags    => SIMPLE_IF_OPTION,
@@ -228,7 +231,11 @@ sub validate_interfaces_file()
 		( $option, my $value ) = split /=/, $option;
 
 		fatal_error "Invalid Interface option ($option)" unless my $type = $validoptions{$option};
+
+		fatal_error "The \"$option\" option may not be specified on a multi-zone interface" if $type & IF_OPTION_ZONEONLY && ! $zone;
 		
+		$type &= MASK_IF_OPTION;
+
 		if ( $type == SIMPLE_IF_OPTION ) {
 		    fatal_error "Option $option does not take a value" if defined $value;
 		    $options{$option} = 1;