holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Allow empty BP zones -- first step toward dynamic BP zones

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6604 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-19 22:39:41 +00:00
parent 0c8988a67f
commit 91490ebc4a
2 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall-perl/Shorewall/Interfaces.pm
View File

@ -243,7 +243,6 @@ sub validate_interfaces_file( $ )
require_capability( 'KLUDGEFREE', 'Bridge Ports', ''); require_capability( 'KLUDGEFREE', 'Bridge Ports', '');
fatal_error "Duplicate Interface ($port)" if $interfaces{$port}; fatal_error "Duplicate Interface ($port)" if $interfaces{$port};
fatal_error "$interface is not a defined bridge" unless $interfaces{$interface} && $interfaces{$interface}{options}{bridge}; fatal_error "$interface is not a defined bridge" unless $interfaces{$interface} && $interfaces{$interface}{options}{bridge};
fatal_error "Invalid Interface Name ($interface:$port)" unless $port =~ /^[\w.@%-]+\+?$/;
fatal_error "Bridge Ports may only be associated with 'bport' zones" if $zone && $zoneref->{type} ne 'bport4'; fatal_error "Bridge Ports may only be associated with 'bport' zones" if $zone && $zoneref->{type} ne 'bport4';
if ( $zone ) { if ( $zone ) {
@ -254,6 +253,12 @@ sub validate_interfaces_file( $ )
} }
} }
fatal_error "Bridge Ports may not have options" if $options && $options ne '-';
next if $port eq '';
fatal_error "Invalid Interface Name ($interface:$port)" unless $port =~ /^[\w.@%-]+\+?$/;
$interfaces{$port}{bridge} = $bridge = $interface; $interfaces{$port}{bridge} = $bridge = $interface;
$interface = $port; $interface = $port;
} else { } else {
@ -285,7 +290,6 @@ sub validate_interfaces_file( $ )
my %options; my %options;
if ( $options ) { if ( $options ) {
fatal_error "Bridge Ports may not have options" if defined $port;
for my $option (split ',', $options ) { for my $option (split ',', $options ) {
next if $option eq '-'; next if $option eq '-';
@ -331,7 +335,7 @@ sub validate_interfaces_file( $ )
fatal_error "Bridges may not have wildcard names" if $wildcard; fatal_error "Bridges may not have wildcard names" if $wildcard;
push @bridges, $interface; push @bridges, $interface;
} }
} elsif ( defined $port ) { } elsif ( $port ) {
$options{port} = 1; $options{port} = 1;
} }

8
Shorewall-perl/Shorewall/Zones.pm
View File

@ -338,7 +338,11 @@ sub zone_report()
} }
} }
warning_message "*** $zone is an EMPTY ZONE ***" unless $printed || $type eq 'firewall'; unless ( $printed ) {
fatal_error "No bridge has been associated with zone $zone" if $type eq 'bport4' && ! $zoneref->{bridge};
warning_message "*** $zone is an EMPTY ZONE ***" unless $type eq 'firewall';
}
} }
} }
@ -353,6 +357,8 @@ sub dump_zone_contents()
my $exclusions = $zoneref->{exclusions}; my $exclusions = $zoneref->{exclusions};
my $entry = "$zone $type"; my $entry = "$zone $type";
$entry .= ":$zoneref->{bridge}" if $type eq 'bport4';
if ( $hostref ) { if ( $hostref ) {
for my $type ( sort keys %$hostref ) { for my $type ( sort keys %$hostref ) {
my $interfaceref = $hostref->{$type}; my $interfaceref = $hostref->{$type};