From 75d50d126c004f09bccd99b7583ff6e0c76e1bfa Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 27 Sep 2010 13:57:56 -0700
Subject: [PATCH] Make zones with 'mss' complex.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Zones.pm | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 3c8030e48..3b60a48b5 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -310,11 +310,11 @@ sub parse_zone_option_list($$\$)
 			 "tunnel-dst" => NETWORK,
 		       );
 
-    use constant { UNRESTRICTED => 1, NOFW => 2 };
+    use constant { UNRESTRICTED => 1, NOFW => 2 , COMPLEX => 8 };
     #
     # Hash of options that have their own key in the returned hash.
     #
-    my %key = ( mss => UNRESTRICTED , blacklist => NOFW );
+    my %key = ( mss => UNRESTRICTED | COMPLEX , blacklist => NOFW );
 
     my ( $list, $zonetype, $complexref ) = @_;
     my %h;
@@ -346,8 +346,11 @@ sub parse_zone_option_list($$\$)
 		fatal_error "Invalid value ($val) for option \"$e\"" unless $val =~ /^($fmt)$/;
 	    }
 
-	    if ( $key{$e} ) {
-		fatal_error "Option '$e' not permitted with this zone type " if $key{$e} == NOFW && ($zonetype == FIREWALL || $zonetype == VSERVER);
+	    my $key = $key{$e};
+
+	    if ( $key ) {
+		fatal_error "Option '$e' not permitted with this zone type " if $key & NOFW && ($zonetype == FIREWALL || $zonetype == VSERVER);
+		$$complexref = 1 if $key & COMPLEX;
 		$h{$e} = $val || 1;
 	    } else {
 		fatal_error "The \"$e\" option may only be specified for ipsec zones" unless $zonetype == IPSEC;