holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix some mixed zone-type cases

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6478 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-07 02:21:54 +00:00
parent 5b11cc9e6e
commit 52b878cb8b
3 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-perl/Shorewall/Policy.pm
View File

@ -188,7 +188,7 @@ sub validate_policy()
unless ( $clientwild || $serverwild ) {
if ( $zones{$server}{type} eq 'bport4' ) {
fatal_error "Invalid policy - DEST zone is a Bridge Port zone but the SOURCE zone is not associated with the same bridge"
unless $zones{$client}{bridge} eq $zones{$server}{bridge};
unless $zones{$client}{bridge} eq $zones{$server}{bridge} || single_interface( $client ) eq $zones{$server}{bridge};
}
}

2
Shorewall-perl/Shorewall/Rules.pm
View File

@ -979,7 +979,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) {
# Check for illegal bridge port rule
#
if ( $zones{$destzone}->{type} eq 'bport4' ) {
unless ( $zones{$sourcezone}{bridge} eq $zones{$destzone}{bridge} ) {
unless ( $zones{$sourcezone}{bridge} eq $zones{$destzone}{bridge} || single_interface( $sourcezone ) eq $zones{$destzone}{bridge} ) {
return 1 if $wildcard;
fatal_error "Rules with a DESTINATION Bridge Port zone must have a SOURCE zone on the same bridge";
}

21
Shorewall-perl/Shorewall/Zones.pm
View File

@ -1,5 +1,5 @@
#
# Shorewall-perl 3.9 -- /usr/share/shorewall-perl/Shorewall/Zones.pm
# Shorewall-perl 3.9 -- /usr/share/shorewall-perl/Shorewall/Zones.pm
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
@ -40,6 +40,7 @@ our @EXPORT = qw( NOTHING
zone_report
dump_zone_contents
haveipseczones
single_interface
@zones
%zones
@ -377,4 +378,22 @@ sub dump_zone_contents()
}
}
#
# If the passed zone is associated with a single interface, the name of the interface is returned. Otherwise, the funtion returns '';
#
sub single_interface( $ ) {
my $zone = $_[0];
my $zoneref = $zones{$zone};
fatal_error "Internal Error in single_zone()" unless $zoneref;
{
no warnings;
if ( %{$zoneref->{interfaces}} == 1 ) {
( keys %{$zoneref->{interfaces}} )[0];
} else {
'';
}
}
}
1;