diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 8e8da9b93..0b3064625 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -597,7 +597,6 @@ sub add_group_to_zone($$$$$)
 my $interfaceref;
 my $zoneref = $zones{$zone};
 my $zonetype = $zoneref->{type};
- my $ifacezone = $interfaces{$interface}{zone};
 $zoneref->{interfaces}{$interface} = 1;
@@ -606,8 +605,6 @@ sub add_group_to_zone($$$$$)
 my $new = \@newnetworks;
 my $switched = 0;
- $ifacezone = '' unless defined $ifacezone;
-
 for my $host ( @$networks ) {
 $interfaces{$interface}{nets}++;
@@ -622,8 +619,8 @@ sub add_group_to_zone($$$$$)
 unless ( $switched ) {
 if ( $type == $zonetype ) {
- fatal_error "Duplicate Host Group ($interface:$host) in zone $zone" if $ifacezone eq $zone;
- $ifacezone = $zone if $host eq ALLIP;
+ fatal_error "Duplicate Host Group ($interface:$host) in zone $zone" if $interfaces{$interface}{zone} eq $zone;
+ $interfaces{$interface}{zone} = $zone if $host eq ALLIP;
 }
 }
@@ -885,7 +882,9 @@ sub process_interface( $ ) {
 number => $nextinum ,
 root => $root ,
 broadcasts => $broadcasts ,
- options => \%options };
+ options => \%options ,
+ zone => ''
+ };
 $nets = [ allip ] unless $nets;
@@ -894,8 +893,6 @@ sub process_interface( $ ) {
 add_group_to_zone( $zone, $zoneref->{type}, $interface, [ IPv4_MULTICAST ], { destonly => 1 } ) if $hostoptionsref->{multicast};
 }
- $interfaces{$interface}{zone} = $zone; #Must follow the call to add_group_to_zone()
-
 progress_message " Interface \"$currentline\" Validated";
 return $interface;
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 4fbdec1a9..8644d1353 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
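Review bot: The duplicate-group test inside `if ( $type == $zonetype )` now reads `$interfaces{$interface}{zone}` directly, and the `'' unless defined` guard that protected the old `$ifacezone` copy is gone, so an interface record built without a `zone` key would reach `eq` with an undefined value. The only initializer visible in this diff is the `zone => ''` added in process_interface; if any other path can create a `%interfaces` entry, keep the guard, e.g. `my $ifzone = $interfaces{$interface}{zone}; $ifzone = '' unless defined $ifzone;`. The field is also written only when `$host eq ALLIP`, so the check now rejects a repeat only after a whole-interface group. An identical network listed in both nets= and /etc/shorewall/hosts appears to be accepted without a diagnostic, which deserves a comment or a per-network check because this validation guards the zone definitions the firewall is compiled from. The enclosing `for` loop and add_group_to_zone itself start and end outside the hunk.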
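Review bot: The new `zone => ''` member in the process_interface hash literal has no comment, although the meaning of the field changes with this commit: it is no longer assigned the interface's zone unconditionally after add_group_to_zone() and is filled in only when an ALLIP group is added. I would document that on the line itself, for example `zone => ''    # set by add_group_to_zone() once the whole interface (ALLIP) belongs to a zone`. Any code outside this diff that reads `$interfaces{$interface}{zone}` as "the zone named in the interfaces file" would now see an empty string for nets= interfaces, so those readers should be checked. The hash literal and process_interface both begin outside the hunk.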
@@ -22,6 +22,8 @@ Changes in Shorewall 4.4.1 11) Allow multicast to non-dynamic zones with nets=. +12) Allow zones with nets= to be extended by /etc/shorewall/hosts entries. + Changes in Shorewall 4.4.0 1) Fix 'compile ... -' so that it no longer requires '-v-1' diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 360ea73e1..51dc6b56d 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -180,6 +180,10 @@ Shorewall 4.4.1 one-interface sample configuration since forwarding is typically not required with only a single interface. +4) Previously, the definition of a that specified nets= in + /etc/shorewall/interfaces could not be extended by entries in + /etc/shorewall/hosts. + ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G ----------------------------------------------------------------------------