From 65cde3475fdb427d206fab1c3249fbb205295167 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 15 Apr 2014 11:37:51 -0700 Subject: [PATCH] Always inherit interface options Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Zones.pm | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 9a110cdaa..ad769996b 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -817,6 +817,12 @@ sub add_group_to_zone($$$$$) $zoneref->{interfaces}{$interface} = 1; $zoneref->{destonly} ||= $interfaceref->{options}{destonly}; $options->{destonly} ||= $interfaceref->{options}{destonly}; + # + # Make 'find_hosts_by_option()' work correctly for this zone + # + for ( qw/blacklist maclist nosmurfs tcpflags/ ) { + $options->{$_} = $interfaceref->{options}{$_} if $interfaceref->{options}{$_} && ! exists $options->{$_}; + } $interfaceref->{zones}{$zone} = 1; @@ -851,13 +857,6 @@ sub add_group_to_zone($$$$$) if ( $host eq ALLIP ) { fatal_error "Duplicate Host Group ($interface:$host) in zone $zone" if @newnetworks; $interfaces{$interface}{zone} = $zone; - # - # Make 'find_hosts_by_option()' work correctly for this zone - # - for ( qw/blacklist maclist nosmurfs tcpflags/ ) { - $options->{$_} = $interfaceref->{options}{$_} if $interfaceref->{options}{$_}; - } - $allip = 1; } }