From 52b878cb8b0094fe5e219db5c040c3c9d35517be Mon Sep 17 00:00:00 2001
From: teastep
Date: Thu, 7 Jun 2007 02:21:54 +0000
Subject: [PATCH] Fix some mixed zone-type cases

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6478 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Policy.pm | 2 +-
 Shorewall-perl/Shorewall/Rules.pm | 2 +-
 Shorewall-perl/Shorewall/Zones.pm | 21 ++++++++++++++++++++-
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl/Shorewall/Policy.pm
index 9efbef339..c4664bf1a 100644
--- a/Shorewall-perl/Shorewall/Policy.pm
+++ b/Shorewall-perl/Shorewall/Policy.pm
@@ -188,7 +188,7 @@ sub validate_policy()
 unless ( $clientwild || $serverwild ) {
 if ( $zones{$server}{type} eq 'bport4' ) {
 fatal_error "Invalid policy - DEST zone is a Bridge Port zone but the SOURCE zone is not associated with the same bridge"
- unless $zones{$client}{bridge} eq $zones{$server}{bridge};
+ unless $zones{$client}{bridge} eq $zones{$server}{bridge} || single_interface( $client ) eq $zones{$server}{bridge};
 }
 }
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index 9c7197f85..6ab96baa5 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -979,7 +979,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) {
 # Check for illegal bridge port rule
 #
 if ( $zones{$destzone}->{type} eq 'bport4' ) {
- unless ( $zones{$sourcezone}{bridge} eq $zones{$destzone}{bridge} ) {
+ unless ( $zones{$sourcezone}{bridge} eq $zones{$destzone}{bridge} || single_interface( $sourcezone ) eq $zones{$destzone}{bridge} ) {
 return 1 if $wildcard;
 fatal_error "Rules with a DESTINATION Bridge Port zone must have a SOURCE zone on the same bridge";
 }
diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm
index 5faa11da9..91c701cb5 100644
--- a/Shorewall-perl/Shorewall/Zones.pm
+++ b/Shorewall-perl/Shorewall/Zones.pm
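Review bot: The new clause `single_interface( $client ) eq $zones{$server}{bridge}` hides its intent, and the condition as a whole is not self-explanatory: the subject line suggests the case being admitted is a regular zone whose only interface is the bridge device itself, but nothing at the call site says so. A one-line comment above the `fatal_error` would carry that, e.g. `# A zone whose sole interface is the bridge device itself counts as being on that bridge`. Note also that the new call is reached for every client zone whose `bridge` value differs from the server's — presumably every non-bport zone, including the firewall zone, since the existing `eq` already compares a likely-unset `bridge` key — so it depends on single_interface() returning '' rather than dying for zone entries that have no `interfaces` hash; worth confirming, and the same applies to the identical call added in Rules.pm. validate_policy continues outside the hunk.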
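Review bot: `single_interface( $sourcezone )` is evaluated inside the `unless` condition, before the `return 1 if $wildcard;` guard on the following line, so a wildcard source zone whose name is not a key of %zones would now hit `fatal_error "Internal Error ..."` (or a failed dereference, since the preceding `$zones{$sourcezone}{bridge}` autovivifies an empty entry) instead of returning 1 as before. If the caller does not guarantee that $sourcezone is a real zone at this point, guarding the call keeps the old wildcard behaviour: `unless ( $zones{$sourcezone}{bridge} eq $zones{$destzone}{bridge} || ( ! $wildcard && single_interface( $sourcezone ) eq $zones{$destzone}{bridge} ) ) {`. process_rule1 starts and ends outside the hunk.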
@@ -1,5 +1,5 @@
 #
-# Shorewall-perl 3.9 -- /usr/share/shorewall-perl/Shorewall/Zones.pm
+# Shorewall-perl 3.9 -- /usr/share/shorewall-perl/Shorewall/Zones.pm
 #
 # This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #
@@ -40,6 +40,7 @@ our @EXPORT = qw( NOTHING
 zone_report
 dump_zone_contents
 haveipseczones
+ single_interface
 @zones
 %zones
@@ -377,4 +378,22 @@ sub dump_zone_contents()
 }
 }
+#
+# If the passed zone is associated with a single interface, the name of the interface is returned. Otherwise, the funtion returns '';
+#
+sub single_interface( $ ) {
+ my $zone = $_[0];
+ my $zoneref = $zones{$zone};
+ fatal_error "Internal Error in single_zone()" unless $zoneref;
+
+ {
+ no warnings;
+ if ( %{$zoneref->{interfaces}} == 1 ) {
+ ( keys %{$zoneref->{interfaces}} )[0];
+ } else {
+ '';
+ }
+ }
+}
+
 1;
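Review bot: In `single_interface`, `%{$zoneref->{interfaces}} == 1` evaluates a hash in scalar context, which on the perls this 3.9-era code runs on yields a bucket-usage string such as `1/8` rather than the number of keys; two interfaces that land in the same bucket would be reported as a single interface, and the enclosing `no warnings` block exists only to silence the "isn't numeric" warning that comparison produces. Counting with `keys` in scalar context gives the true count and lets the warning suppression and the bare-block implicit return go. Two text fixes as well: the error message names `single_zone()` but the sub is `single_interface`, and the header comment should read `function` rather than `funtion`. If any zone entry (the firewall zone, presumably) can lack an `interfaces` hash, the dereference dies under strict refs instead of returning '' as the comment promises — worth confirming against how %zones is populated.
```perl
sub single_interface( $ ) {
    my $zone    = $_[0];
    my $zoneref = $zones{$zone};
    fatal_error "Internal Error in single_interface()" unless $zoneref;

    # keys() in scalar context is the key count; a bare %hash in scalar
    # context is not (it reports bucket usage on older perls).
    my @interfaces = keys %{ $zoneref->{interfaces} };
    return @interfaces == 1 ? $interfaces[0] : '';
}
```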