diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index 2cac3d6ba..e1ca4e5dd 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm @@ -1637,7 +1637,6 @@ sub generate_matrix() { # start_matrix; - my $exclusion_seq = 1; my %chain_exclusions; my %policy_exclusions; my @interfaces = ( all_interfaces ); diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm index 410b58473..0e45e11c8 100644 --- a/Shorewall-perl/Shorewall/Zones.pm +++ b/Shorewall-perl/Shorewall/Zones.pm @@ -372,6 +372,7 @@ sub zone_report() my $hostref = $zoneref->{hosts}; my $type = $zoneref->{type}; my $optionref = $zoneref->{options}; + my $exclusions = $zoneref->{exclusions}; $type = $ipzone if $type eq 'ip'; @@ -402,6 +403,18 @@ sub zone_report() } } + if ( $exclusions ) { + for ( @$exclusions ) { + if ( $family == F_IPV4 ) { + progress_message_nocompress " !$_"; + } else { + my $host = $_; + $host =~ s/\|/:</; + progress_message_nocompress " !$host>"; + } + } + } + unless ( $printed ) { fatal_error "No bridge has been associated with zone $zone" if $type eq 'bport' && ! $zoneref->{bridge}; warning_message "*** $zone is an EMPTY ZONE ***" unless $type eq 'firewall'; @@ -462,8 +475,14 @@ sub dump_zone_contents() if ( @$exclusions ) { $entry .= ' exclude'; - for my $host ( @$exclusions ) { - $entry .= " $host"; + for ( @$exclusions ) { + if ( $family == F_IPV4 ) { + $entry .= " $_"; + } else { + my $host = $_; + $host =~ s/\|/:</; + $entry .= " $host>"; + } } }