summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorMohit Mehta <mohit@vyatta.com>2011-07-15 11:22:57 -0700
committerMohit Mehta <mohit@vyatta.com>2011-07-15 12:03:54 -0700
commit0d3699267b313a59f3e5500c1cab7f00f43b7712 (patch)
tree12f4951155cf1b818a1b7ef0cd3b38454df25f14 /scripts
parente7b56735da61b405c988cfb3909f68d5b5dc0d87 (diff)
downloadvyatta-cfg-firewall-0d3699267b313a59f3e5500c1cab7f00f43b7712.tar.gz
vyatta-cfg-firewall-0d3699267b313a59f3e5500c1cab7f00f43b7712.zip
Fix Bug 7340 Unable to apply modify firewall to interface when zone policy exists
* change commit check to only check if the interface being applied firewall ruleset is in a zone if only the ruleset type is either name|ipv6-name. Thus, ignoring the check when modify rule-set is being applied to an interface (cherry picked from commit 8b2b85a129d3cf23565efe7b0ee15871ebff15c0)
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/firewall/vyatta-firewall.pl23
1 files changed, 13 insertions, 10 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 353d208..d3ac47e 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -121,16 +121,19 @@ if ($#updateints == 4) {
$iptables_cmd = $cmd_hash{$tree};
if ($action eq "update") {
- # make sure interface is not being used in a zone
- my @all_zones = Vyatta::Zone::get_all_zones("listNodes");
- foreach my $zone (@all_zones) {
- my @zone_interfaces =
- Vyatta::Zone::get_zone_interfaces("returnValues", $zone);
- if (scalar(grep(/^$int_name$/, @zone_interfaces)) > 0) {
- print STDERR 'Firewall config error: ' .
- "interface $int_name is defined under zone $zone\n" .
- "Cannot use per interface firewall for a zone interface\n";
- exit 1;
+ # when applying 'name|ipv6-name' rule-set, make
+ # sure interface is not being used in a zone
+ if ($tree eq 'name' || $tree eq 'ipv6-name') {
+ my @all_zones = Vyatta::Zone::get_all_zones("listNodes");
+ foreach my $zone (@all_zones) {
+ my @zone_interfaces =
+ Vyatta::Zone::get_zone_interfaces("returnValues", $zone);
+ if (scalar(grep(/^$int_name$/, @zone_interfaces)) > 0) {
+ print STDERR 'Firewall config error: ' .
+ "interface $int_name is defined under zone $zone\n" .
+ "Cannot use per interface firewall for a zone interface\n";
+ exit 1;
+ }
}
}