Don't use policy match if there are no IPSEC zones or host groups

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5595 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-03-20 14:15:11 +00:00 · 2007-03-20 14:15:11 +00:00 · 6f114931bf
commit 6f114931bf
parent ee77f5b8d8
1 changed files with 5 additions and 0 deletions
--- a/New/Shorewall/Hosts.pm
+++ b/New/Shorewall/Hosts.pm
@ -50,6 +50,8 @@ sub validate_hosts_file()
 			tcpflags => 1,
 			);

+    my $ipsec = 0;
+
    open HOSTS, "$ENV{TMP_DIR}/hosts" or fatal_error "Unable to open stripped hosts file: $!";

    while ( $line = <HOSTS> ) {
@ -89,6 +91,7 @@ sub validate_hosts_file()
 		if ( $option eq 'ipsec' ) {
 		    $type = 'ipsec';
 		    $zoneref->{options}{complex} = 1;
+		    $ipsec = 1;
 		} elsif ( $validoptions{$option}) {
 		    $options{$option} = 1;
 		} else {
@ -107,6 +110,8 @@ sub validate_hosts_file()
    }

    close HOSTS;
+
+    $capabilities{POLICY_MATCH} = '' unless $ipsec or $zones{ipsec};
 }
 #
 # Returns a reference to a array of host entries. Each entry is a