From 06d3f338114141d1fa8c2878a6684dcfd1137e69 Mon Sep 17 00:00:00 2001
From: Alex Harpin <development@landsofshadow.co.uk>
Date: Sat, 12 Dec 2015 20:10:57 +0000
Subject: vyatta-cfg-firewall: update network-group check to allow "this"
 network

Update the check for network-groups to allow zero net addresses as they
are accepted by the current version of ipset used in VyOS, rejecting
only the 0.0.0.0/0 address.  This allows the "this" network (0.0.0.0/8)
to be used in network-groups.

Bug #628 http://bugzilla.vyos.net/show_bug.cgi?id=628
---
 templates/firewall/group/network-group/node.tag/network/node.def | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'templates/firewall')

diff --git a/templates/firewall/group/network-group/node.tag/network/node.def b/templates/firewall/group/network-group/node.tag/network/node.def
index b3e0c18..d08b39d 100644
--- a/templates/firewall/group/network-group/node.tag/network/node.def
+++ b/templates/firewall/group/network-group/node.tag/network/node.def
@@ -5,6 +5,4 @@ val_help: ipv4net; IPv4 Subnet to match
 
 syntax:expression: exec "/opt/vyatta/sbin/ipset-check-member network $VAR(@)"
 
-syntax:expression: exec "                                 \
-          /opt/vyatta/sbin/check_prefix_boundary $VAR(@)" \
-
+syntax:expression: exec "/opt/vyatta/sbin/check_prefix_boundary $VAR(@)"
-- 
cgit v1.2.3