forked from extern/shorewall_code
Re-allow Z->Z rules/policies
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@516 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
c56fe6ee49
commit
526f0f9eb8
@ -718,9 +718,6 @@ validate_policy()
|
|||||||
|
|
||||||
chain=${client}2${server}
|
chain=${client}2${server}
|
||||||
|
|
||||||
[ "$client" != "$server" ] || [ -n "$serverwild" ] || \
|
|
||||||
startup_error "Intra-zone policies not allowed: $client $server $policy"
|
|
||||||
|
|
||||||
if is_policy_chain $chain ; then
|
if is_policy_chain $chain ; then
|
||||||
startup_error "Duplicate policy $policy"
|
startup_error "Duplicate policy $policy"
|
||||||
fi
|
fi
|
||||||
@ -2185,8 +2182,6 @@ process_rule() # $1 = target
|
|||||||
return
|
return
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
elif [ "$source" = "$dest" ]; then
|
|
||||||
fatal_error "Intra-zone rules are not allowed: rule \"$rule\""
|
|
||||||
else
|
else
|
||||||
[ $command = check ] || ensurechain $chain
|
[ $command = check ] || ensurechain $chain
|
||||||
fi
|
fi
|
||||||
@ -2692,10 +2687,10 @@ rules_chain() # $1 = source zone, $2 = destination zone
|
|||||||
{
|
{
|
||||||
local chain=${1}2${2}
|
local chain=${1}2${2}
|
||||||
|
|
||||||
[ "$1" = "$2" ] && { echo ACCEPT; return; }
|
|
||||||
|
|
||||||
havechain $chain && { echo $chain; return; }
|
havechain $chain && { echo $chain; return; }
|
||||||
|
|
||||||
|
[ "$1" = "$2" ] && { echo ACCEPT; return; }
|
||||||
|
|
||||||
eval chain=\$${chain}_policychain
|
eval chain=\$${chain}_policychain
|
||||||
|
|
||||||
[ -n "$chain" ] && { echo $chain; return; }
|
[ -n "$chain" ] && { echo $chain; return; }
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user