author | Mohit Mehta <mohit@vyatta.com> | 2011-07-15 11:22:57 -0700 |
---|---|---|
committer | Mohit Mehta <mohit@vyatta.com> | 2011-07-15 12:03:54 -0700 |
commit | 0d3699267b313a59f3e5500c1cab7f00f43b7712 (patch) | |
tree | 12f4951155cf1b818a1b7ef0cd3b38454df25f14 /scripts | |
parent | e7b56735da61b405c988cfb3909f68d5b5dc0d87 (diff) | |
download | vyatta-cfg-firewall-0d3699267b313a59f3e5500c1cab7f00f43b7712.tar.gz vyatta-cfg-firewall-0d3699267b313a59f3e5500c1cab7f00f43b7712.zip |
Fix Bug 7340 Unable to apply modify firewall to interface when zone policy exists
* change the commit check so that it only checks whether the interface the firewall
ruleset is being applied to is in a zone when the ruleset type is name|ipv6-name. The
check is thus skipped when a modify rule-set is being applied to an interface
(cherry picked from commit 8b2b85a129d3cf23565efe7b0ee15871ebff15c0)
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/firewall/vyatta-firewall.pl | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 353d208..d3ac47e 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -121,16 +121,19 @@ if ($#updateints == 4) {
 $iptables_cmd = $cmd_hash{$tree};
 if ($action eq "update") {
- # make sure interface is not being used in a zone
- my @all_zones = Vyatta::Zone::get_all_zones("listNodes");
- foreach my $zone (@all_zones) {
- my @zone_interfaces =
- Vyatta::Zone::get_zone_interfaces("returnValues", $zone);
- if (scalar(grep(/^$int_name$/, @zone_interfaces)) > 0) {
- print STDERR 'Firewall config error: ' .
- "interface $int_name is defined under zone $zone\n" .
- "Cannot use per interface firewall for a zone interface\n";
- exit 1;
+ # when applying 'name|ipv6-name' rule-set, make
+ # sure interface is not being used in a zone
+ if ($tree eq 'name' || $tree eq 'ipv6-name') {
+ my @all_zones = Vyatta::Zone::get_all_zones("listNodes");
+ foreach my $zone (@all_zones) {
+ my @zone_interfaces =
+ Vyatta::Zone::get_zone_interfaces("returnValues", $zone);
+ if (scalar(grep(/^$int_name$/, @zone_interfaces)) > 0) {
+ print STDERR 'Firewall config error: ' .
+ "interface $int_name is defined under zone $zone\n" .
+ "Cannot use per interface firewall for a zone interface\n";
+ exit 1;
+ }
 }
 } |
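Review bot: The zone-membership test carried into the new `if ($tree eq 'name' || $tree eq 'ipv6-name')` block still interpolates `$int_name` into a regex (`grep(/^$int_name$/, @zone_interfaces)`), so the name is matched as a pattern rather than as a literal string. A `.` in an interface name (for example a VLAN sub-interface) then matches any character, and `$` also accepts a trailing newline, so the check can report the wrong zone member as a match. An exact comparison states the intent and removes the pattern handling: `if (grep { $_ eq $int_name } @zone_interfaces) {`. The guard is also an allow-list of tree names, so a rule-set type added later would skip the zone check silently; a short comment saying that `modify` trees are exempted on purpose would make that visible. The enclosing `if ($action eq "update")` block continues past the end of this hunk.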