authorMohit Mehta <mohit@vyatta.com>2011-07-15 11:22:57 -0700
committerJohn Southworth <john.southworth@vyatta.com>2011-11-04 09:53:54 -0700
commitc51fd92365be0f80305c003c66fd1ffc45d8bfcb (patch)
treea7801ca391987b0589581c4672bf2391ce312b52
parentbcd388e5217442e2096af23704db50242717a3b4 (diff)
downloadvyatta-cfg-firewall-c51fd92365be0f80305c003c66fd1ffc45d8bfcb.tar.gz
vyatta-cfg-firewall-c51fd92365be0f80305c003c66fd1ffc45d8bfcb.zip
Fix Bug 7340 Unable to apply modify firewall to interface when zone policy exists
* change the commit check so that it tests whether the interface receiving the firewall rule-set is in a zone only when the rule-set type is name|ipv6-name. The check is therefore skipped when a modify rule-set is being applied to an interface (cherry picked from commit 8b2b85a129d3cf23565efe7b0ee15871ebff15c0) (cherry picked from commit 0d3699267b313a59f3e5500c1cab7f00f43b7712)
-rwxr-xr-xscripts/firewall/vyatta-firewall.pl23
1 files changed, 13 insertions, 10 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 353d208..d3ac47e 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -121,16 +121,19 @@ if ($#updateints == 4) {
$iptables_cmd = $cmd_hash{$tree};
if ($action eq "update") {
- # make sure interface is not being used in a zone
- my @all_zones = Vyatta::Zone::get_all_zones("listNodes");
- foreach my $zone (@all_zones) {
- my @zone_interfaces =
- Vyatta::Zone::get_zone_interfaces("returnValues", $zone);
- if (scalar(grep(/^$int_name$/, @zone_interfaces)) > 0) {
- print STDERR 'Firewall config error: ' .
- "interface $int_name is defined under zone $zone\n" .
- "Cannot use per interface firewall for a zone interface\n";
- exit 1;
+ # when applying 'name|ipv6-name' rule-set, make
+ # sure interface is not being used in a zone
+ if ($tree eq 'name' || $tree eq 'ipv6-name') {
+ my @all_zones = Vyatta::Zone::get_all_zones("listNodes");
+ foreach my $zone (@all_zones) {
+ my @zone_interfaces =
+ Vyatta::Zone::get_zone_interfaces("returnValues", $zone);
+ if (scalar(grep(/^$int_name$/, @zone_interfaces)) > 0) {
+ print STDERR 'Firewall config error: ' .
+ "interface $int_name is defined under zone $zone\n" .
+ "Cannot use per interface firewall for a zone interface\n";
+ exit 1;
+ }
}
}
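Review bot: The zone-membership test `grep(/^$int_name$/, @zone_interfaces)` inside the new `if ($tree eq 'name' || $tree eq 'ipv6-name')` block interpolates the interface name into a pattern unescaped, so a `.` in a name (a constructed example: `eth0.100`) acts as a wildcard and the check can match a different zone interface than the one being configured. Since the commit re-indents this line anyway, an exact string comparison would be more reliable: `if (grep { $_ eq $int_name } @zone_interfaces) {`. If the regex form is kept, `/^\Q$int_name\E\z/` removes the metacharacter problem and the trailing-newline tolerance of `$`. The enclosing `if ($#updateints == 4)` block starts and ends outside the hunk, so how `$int_name` is validated before this point is not visible here.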