Add back 'complex' zone attribute but don't use it yet

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8165 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2008-02-07 22:34:27 +00:00 · 2008-02-07 22:34:27 +00:00 · 44c9717a67
commit 44c9717a67
parent f229aaf5dc
1 changed files with 12 additions and 1 deletions
--- a/Shorewall-perl/Shorewall/Zones.pm
+++ b/Shorewall-perl/Shorewall/Zones.pm
@ -45,6 +45,7 @@ our @EXPORT = qw( NOTHING
 		  defined_zone
 		  zone_type
 		  all_zones
+		  complex_zones
 		  non_firewall_zones
 		  single_interface
 		  validate_interfaces_file
@ -82,7 +83,8 @@ use constant { NOTHING    => 'NOTHING',
 #     @zones contains the ordered list of zones with sub-zones appearing before their parents.
 #
 #     %zones{<zone1> => {type = >      <zone type>       'firewall', 'ipv4', 'ipsec4', 'bport4';
-#                        options =>    {  nested  => 0|1
+#                        options =>    { complex => 0|1
+#                                        nested  => 0|1
 #                                        in_out  => < policy match string >
 #                                        in      => < policy match string >
 #                                        out     => < policy match string >
@ -300,6 +302,7 @@ sub determine_zones()
 			  options    => { in_out  => parse_zone_option_list( $options || '', $type ) ,
 					  in      => parse_zone_option_list( $in_options || '', $type ) ,
 					  out     => parse_zone_option_list( $out_options || '', $type ) ,
+					  complex => ($type eq 'ipsec4' || $options || $in_options || $out_options ? 1 : 0) } ,
 					  nested  => @parents > 0 } ,
 			  interfaces => {} ,
 			  children   => [] ,
@ -497,6 +500,8 @@ sub add_group_to_zone($$$$$)
    $interfaceref = ( $typeref->{$type}           || ( $interfaceref = $typeref->{$type} = {} ) );
    $arrayref     = ( $interfaceref->{$interface} || ( $interfaceref->{$interface} = [] ) );

+    $zoneref->{options}{complex} = 1 if @$arrayref || ( @newnetworks > 1 ) || ( @exclusions );
+    
    push @{$zoneref->{exclusions}}, @exclusions;

    push @{$arrayref}, { options => $options,
@ -534,6 +539,10 @@ sub non_firewall_zones() {
   grep ( $zones{$_}{type} ne 'firewall'  ,  @zones );
 }

+sub complex_zones() {
+    grep( $zones{$_}{options}{complex} , @zones );
+}
+
 sub firewall_zone() {
    $firewall_zone;
 }
@ -936,6 +945,7 @@ sub validate_hosts_file()
 	if ( $hosts =~ /^([\w.@%-]+\+?):(.*)$/ ) {
 	    $interface = $1;
 	    $hosts = $2;
+	    $zoneref->{options}{complex} = 1 if $hosts =~ /^\+/;
 	    fatal_error "Unknown interface ($interface)" unless $interfaces{$interface}{root};
 	} else {
 	    fatal_error "Invalid HOST(S) column contents: $hosts";
@ -960,6 +970,7 @@ sub validate_hosts_file()
 	    {
 		if ( $option eq 'ipsec' ) {
 		    $type = 'ipsec4';
+		    $zoneref->{options}{complex} = 1;
 		    $ipsec = 1;
 		} elsif ( $validoptions{$option}) {
 		    $options{$option} = 1;