Add back 'complex' zone attribute but don't use it yet

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8165 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-02-07 22:34:27 +00:00
parent f229aaf5dc
commit 44c9717a67


@ -45,6 +45,7 @@ our @EXPORT = qw( NOTHING
defined_zone defined_zone
zone_type zone_type
all_zones all_zones
complex_zones
non_firewall_zones non_firewall_zones
single_interface single_interface
validate_interfaces_file validate_interfaces_file
@ -82,7 +83,8 @@ use constant { NOTHING => 'NOTHING',
# @zones contains the ordered list of zones with sub-zones appearing before their parents. # @zones contains the ordered list of zones with sub-zones appearing before their parents.
# #
# %zones{<zone1> => {type = > <zone type> 'firewall', 'ipv4', 'ipsec4', 'bport4'; # %zones{<zone1> => {type = > <zone type> 'firewall', 'ipv4', 'ipsec4', 'bport4';
# options => { nested => 0|1 # options => { complex => 0|1
# nested => 0|1
# in_out => < policy match string > # in_out => < policy match string >
# in => < policy match string > # in => < policy match string >
# out => < policy match string > # out => < policy match string >
@ -300,6 +302,7 @@ sub determine_zones()
options => { in_out => parse_zone_option_list( $options || '', $type ) , options => { in_out => parse_zone_option_list( $options || '', $type ) ,
in => parse_zone_option_list( $in_options || '', $type ) , in => parse_zone_option_list( $in_options || '', $type ) ,
out => parse_zone_option_list( $out_options || '', $type ) , out => parse_zone_option_list( $out_options || '', $type ) ,
complex => ($type eq 'ipsec4' || $options || $in_options || $out_options ? 1 : 0) } ,
nested => @parents > 0 } , nested => @parents > 0 } ,
interfaces => {} , interfaces => {} ,
children => [] , children => [] ,
@ -497,6 +500,8 @@ sub add_group_to_zone($$$$$)
$interfaceref = ( $typeref->{$type} || ( $interfaceref = $typeref->{$type} = {} ) ); $interfaceref = ( $typeref->{$type} || ( $interfaceref = $typeref->{$type} = {} ) );
$arrayref = ( $interfaceref->{$interface} || ( $interfaceref->{$interface} = [] ) ); $arrayref = ( $interfaceref->{$interface} || ( $interfaceref->{$interface} = [] ) );
$zoneref->{options}{complex} = 1 if @$arrayref || ( @newnetworks > 1 ) || ( @exclusions );
push @{$zoneref->{exclusions}}, @exclusions; push @{$zoneref->{exclusions}}, @exclusions;
push @{$arrayref}, { options => $options, push @{$arrayref}, { options => $options,
@ -534,6 +539,10 @@ sub non_firewall_zones() {
grep ( $zones{$_}{type} ne 'firewall' , @zones ); grep ( $zones{$_}{type} ne 'firewall' , @zones );
} }
sub complex_zones() {
grep( $zones{$_}{options}{complex} , @zones );
}
sub firewall_zone() { sub firewall_zone() {
$firewall_zone; $firewall_zone;
} }
@ -936,6 +945,7 @@ sub validate_hosts_file()
if ( $hosts =~ /^([\w.@%-]+\+?):(.*)$/ ) { if ( $hosts =~ /^([\w.@%-]+\+?):(.*)$/ ) {
$interface = $1; $interface = $1;
$hosts = $2; $hosts = $2;
$zoneref->{options}{complex} = 1 if $hosts =~ /^\+/;
fatal_error "Unknown interface ($interface)" unless $interfaces{$interface}{root}; fatal_error "Unknown interface ($interface)" unless $interfaces{$interface}{root};
} else { } else {
fatal_error "Invalid HOST(S) column contents: $hosts"; fatal_error "Invalid HOST(S) column contents: $hosts";
@ -960,6 +970,7 @@ sub validate_hosts_file()
{ {
if ( $option eq 'ipsec' ) { if ( $option eq 'ipsec' ) {
$type = 'ipsec4'; $type = 'ipsec4';
$zoneref->{options}{complex} = 1;
$ipsec = 1; $ipsec = 1;
} elsif ( $validoptions{$option}) { } elsif ( $validoptions{$option}) {
$options{$option} = 1; $options{$option} = 1;
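Review bot: In the `determine_zones` hunk the added `complex => (...)` line ends with `} ,`, and the unchanged `nested => @parents > 0 } ,` line after it closes a brace as well. As rendered, this closes the `options` hash before `nested`, which contradicts the updated comment block listing both `complex` and `nested` under `options`, and leaves one closing brace too many. The added line should end with a plain comma: `complex => ($type eq 'ipsec4' || $options || $in_options || $out_options ? 1 : 0) ,`. The hash constructor starts and ends outside the hunk, so brace balance cannot be confirmed from here. Because nothing reads the flag yet, a zone marked wrongly would go unnoticed until a later change depends on `complex_zones`, so it is worth checking that function's output against a sample zones/hosts configuration now.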