From e731ea1ca8cb57923b871f68a5ded11059ea9a4a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 15 Apr 2014 11:54:58 -0700 Subject: [PATCH] Revert "Always inherit interface options" This reverts commit 65cde3475fdb427d206fab1c3249fbb205295167. --- Shorewall/Perl/Shorewall/Zones.pm | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index ad769996b..9a110cdaa 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -817,12 +817,6 @@ sub add_group_to_zone($$$$$) $zoneref->{interfaces}{$interface} = 1; $zoneref->{destonly} ||= $interfaceref->{options}{destonly}; $options->{destonly} ||= $interfaceref->{options}{destonly}; - # - # Make 'find_hosts_by_option()' work correctly for this zone - # - for ( qw/blacklist maclist nosmurfs tcpflags/ ) { - $options->{$_} = $interfaceref->{options}{$_} if $interfaceref->{options}{$_} && ! exists $options->{$_}; - } $interfaceref->{zones}{$zone} = 1; @@ -857,6 +851,13 @@ sub add_group_to_zone($$$$$) if ( $host eq ALLIP ) { fatal_error "Duplicate Host Group ($interface:$host) in zone $zone" if @newnetworks; $interfaces{$interface}{zone} = $zone; + # + # Make 'find_hosts_by_option()' work correctly for this zone + # + for ( qw/blacklist maclist nosmurfs tcpflags/ ) { + $options->{$_} = $interfaceref->{options}{$_} if $interfaceref->{options}{$_}; + } + $allip = 1; } }