From df1e17eaa8ce7bb1d209ae64e6e7406a49d890d7 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 9 Sep 2010 07:09:08 -0700 Subject: [PATCH] Re-enable 'blacklist' on bridge ports --- Shorewall/Perl/Shorewall/Tc.pm | 2 +- Shorewall/Perl/Shorewall/Zones.pm | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 60bc463af..8c7794f52 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -1397,7 +1397,7 @@ sub process_secmark_rule() { my $chain1= $chns{$chain}; fatal_error "Invalid or missing CHAIN ( $chain )" unless $chain1; - fatal_error "USER/GROUP may only be used in the OUTPUT chain" if $user ne '-' && chain1 ne 'tcout'; + fatal_error "USER/GROUP may only be used in the OUTPUT chain" if $user ne '-' && $chain1 ne 'tcout'; if ( ( $state ||= '' ) ne '' ) { my $state1; diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index ac9fc84fa..976b35eda 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -239,7 +239,7 @@ sub initialize( $ ) { if ( $family == F_IPV4 ) { %validinterfaceoptions = (arp_filter => BINARY_IF_OPTION, arp_ignore => ENUM_IF_OPTION, - blacklist => ENUM_IF_OPTION, + blacklist => ENUM_IF_OPTION + IF_OPTION_HOST, bridge => SIMPLE_IF_OPTION, detectnets => OBSOLETE_IF_OPTION, dhcp => SIMPLE_IF_OPTION, @@ -272,7 +272,7 @@ sub initialize( $ ) { sourceonly => 1, ); } else { - %validinterfaceoptions = ( blacklist => ENUM_IF_OPTION, + %validinterfaceoptions = ( blacklist => ENUM_IF_OPTION + IF_OPTION_HOST, bridge => SIMPLE_IF_OPTION, dhcp => SIMPLE_IF_OPTION, maclist => SIMPLE_IF_OPTION + IF_OPTION_HOST,