Disallow mss and blacklist on firewall and vserver zones

Tom Eastep 2010-09-17 12:46:38 -07:00
parent 330afe1701
commit ab78aac3a4


@ -309,10 +309,12 @@ sub parse_zone_option_list($$)
"tunnel-src" => NETWORK, "tunnel-src" => NETWORK,
"tunnel-dst" => NETWORK, "tunnel-dst" => NETWORK,
); );
use constant { UNRESTRICTED => 1, NOFW => 2 };
# #
# Hash of options that have their own key in the returned hash. # Hash of options that have their own key in the returned hash.
# #
my %key = ( mss => 1 , blacklist => 'blacklist' ); my %key = ( mss => NOFW , blacklist => NOFW );
my ( $list, $zonetype ) = @_; my ( $list, $zonetype ) = @_;
my %h; my %h;
@ -345,6 +347,7 @@ sub parse_zone_option_list($$)
} }
if ( $key{$e} ) { if ( $key{$e} ) {
fatal_error "Option '$e' not permitted with this zone type " if $key{$e} == NOFW && ($zonetype == FIREWALL || $zonetype == VSERVER);
$h{$e} = $val || 1; $h{$e} = $val || 1;
} else { } else {
fatal_error "The \"$e\" option may only be specified for ipsec zones" unless $zonetype == IPSEC; fatal_error "The \"$e\" option may only be specified for ipsec zones" unless $zonetype == IPSEC;
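Review bot: `use constant { UNRESTRICTED => 1, NOFW => 2 };` sits among the lexical declarations of parse_zone_option_list, but `use constant` runs at compile time and installs package-wide subs, so the placement suggests a scope the constants do not have. Declaring them at file scope with a comment such as `# NOFW: option is rejected for firewall and vserver zones` would be clearer. UNRESTRICTED is not referenced in the visible lines, so its intended meaning is undocumented here. The new fatal_error message also ends with a stray space inside the string (`...this zone type "`), and it names neither the zone nor its type, which makes a rejected mss or blacklist setting harder to trace back to the zones file entry. The body of parse_zone_option_list starts and ends outside the hunks shown.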