holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Apply nets= fix to 4.4.0

Browse Source
This commit is contained in:
Tom Eastep 2009-08-29 07:27:32 -07:00
parent 0b681a49ea
commit a623dc28aa
4 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -601,7 +601,6 @@ sub add_group_to_zone($$$$$)
my $interfaceref; my $interfaceref;
my $zoneref = $zones{$zone}; my $zoneref = $zones{$zone};
my $zonetype = $zoneref->{type}; my $zonetype = $zoneref->{type};
my $ifacezone = $interfaces{$interface}{zone};
$zoneref->{interfaces}{$interface} = 1; $zoneref->{interfaces}{$interface} = 1;
@ -610,8 +609,6 @@ sub add_group_to_zone($$$$$)
my $new = \@newnetworks; my $new = \@newnetworks;
my $switched = 0; my $switched = 0;
$ifacezone = '' unless defined $ifacezone;
for my $host ( @$networks ) { for my $host ( @$networks ) {
$interfaces{$interface}{nets}++; $interfaces{$interface}{nets}++;
@ -626,8 +623,8 @@ sub add_group_to_zone($$$$$)
unless ( $switched ) { unless ( $switched ) {
if ( $type == $zonetype ) { if ( $type == $zonetype ) {
fatal_error "Duplicate Host Group ($interface:$host) in zone $zone" if $ifacezone eq $zone; fatal_error "Duplicate Host Group ($interface:$host) in zone $zone" if $interfaces{$interface}{zone} eq $zone;
$ifacezone = $zone if $host eq ALLIP; $interfaces{$interface}{zone} = $zone if $host eq ALLIP;
} }
} }
@ -887,14 +884,14 @@ sub process_interface( $ ) {
number => $nextinum , number => $nextinum ,
root => $root , root => $root ,
broadcasts => $broadcasts , broadcasts => $broadcasts ,
options => \%options }; options => \%options ,
zone => ''
};
$nets = [ allip ] unless $nets; $nets = [ allip ] unless $nets;
add_group_to_zone( $zone, $zoneref->{type}, $interface, $nets, $hostoptionsref ) if $zone; add_group_to_zone( $zone, $zoneref->{type}, $interface, $nets, $hostoptionsref ) if $zone;
$interfaces{$interface}{zone} = $zone; #Must follow the call to add_group_to_zone()
progress_message " Interface \"$currentline\" Validated"; progress_message " Interface \"$currentline\" Validated";
return $interface; return $interface;

2
Shorewall/changelog.txt
View File

@ -3,6 +3,8 @@ Changes in Shorewall 4.4.0.2
1) Fix MULTICAST=Yes and ACCEPT policy. 1) Fix MULTICAST=Yes and ACCEPT policy.
2) Allow extension of zone definition with nets=.
Changes in Shorewall 4.4.0.1 Changes in Shorewall 4.4.0.1
1) Updated release versions. 1) Updated release versions.

4
Shorewall/known_problems.txt
View File

@ -20,3 +20,7 @@
This problem was corrected in Shorewall 4.4.0.2. This problem was corrected in Shorewall 4.4.0.2.
4) If a zone is defined with nets= in /etc/shorewall/zones, that
definition cannot be extended by entries in /etc/shorewall/hosts.
This problem was corrected in Shorewall 4.4.0.2.

6
Shorewall/releasenotes.txt
View File

@ -160,7 +160,11 @@ Shorewall 4.4.0 patch release 1.
1) If MULTICAST=Yes in shorewall.conf, then multicast traffic was 1) If MULTICAST=Yes in shorewall.conf, then multicast traffic was
excluded from ACCEPT policies. excluded from ACCEPT policies.
---------------------------------------------------------------------------- 2) If a zone was defined with nets= in /etc/shorewall/zones, that
definition could not be extended by entries in
/etc/shorewall/hosts.
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 4 . 0 . 1 P R O B L E M S C O R R E C T E D I N 4 . 4 . 0 . 1
---------------------------------------------------------------------------- ----------------------------------------------------------------------------