Re-enable 'blacklist' on bridge ports

2010-09-09 07:09:08 -07:00 · 2010-09-09 07:09:08 -07:00 · df1e17eaa8
commit df1e17eaa8
parent 7e8979157c
2 changed files with 3 additions and 3 deletions
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -1397,7 +1397,7 @@ sub process_secmark_rule() {
    my $chain1= $chns{$chain};
    
    fatal_error "Invalid or missing CHAIN ( $chain )" unless $chain1;
-    fatal_error "USER/GROUP may only be used in the OUTPUT chain" if $user ne '-' && chain1 ne 'tcout';
+    fatal_error "USER/GROUP may only be used in the OUTPUT chain" if $user ne '-' && $chain1 ne 'tcout';

    if ( ( $state ||= '' ) ne '' ) {
 	my $state1;
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@ -239,7 +239,7 @@ sub initialize( $ ) {
    if ( $family == F_IPV4 ) {
 	%validinterfaceoptions = (arp_filter  => BINARY_IF_OPTION,
 				  arp_ignore  => ENUM_IF_OPTION,
-				  blacklist   => ENUM_IF_OPTION,
+				  blacklist   => ENUM_IF_OPTION + IF_OPTION_HOST,
 				  bridge      => SIMPLE_IF_OPTION,
 				  detectnets  => OBSOLETE_IF_OPTION,
 				  dhcp        => SIMPLE_IF_OPTION,
@ -272,7 +272,7 @@ sub initialize( $ ) {
 			     sourceonly => 1,
 			    );
    } else {
-	%validinterfaceoptions = (  blacklist   => ENUM_IF_OPTION,
+	%validinterfaceoptions = (  blacklist   => ENUM_IF_OPTION + IF_OPTION_HOST,
 				    bridge      => SIMPLE_IF_OPTION,
 				    dhcp        => SIMPLE_IF_OPTION,
 				    maclist     => SIMPLE_IF_OPTION + IF_OPTION_HOST,