diff options
-rw-r--r-- | debian/changelog | 13 | ||||
-rwxr-xr-x | scripts/zone-mgmt/vyatta-zone.pl | 25 | ||||
-rw-r--r-- | templates/zone-policy/node.def | 2 | ||||
-rw-r--r-- | templates/zone-policy/zone/node.tag/from/node.def | 5 |
4 files changed, 42 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index 6169cb4c..daf08a88 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +vyatta-cfg-system (0.15.37) unstable; urgency=low + + * * do silent validity check when creating zone chains and adding from + zone rules + + -- Mohit Mehta <mohit.mehta@vyatta.com> Wed, 06 May 2009 16:52:59 -0700 + +vyatta-cfg-system (0.15.36) unstable; urgency=low + + * Split up system login scripts + + -- Stephen Hemminger <stephen.hemminger@vyatta.com> Tue, 05 May 2009 13:51:14 -0700 + vyatta-cfg-system (0.15.35) unstable; urgency=low * * restrict zone name to 20 characters diff --git a/scripts/zone-mgmt/vyatta-zone.pl b/scripts/zone-mgmt/vyatta-zone.pl index b4fc7ad3..37bab3cd 100755 --- a/scripts/zone-mgmt/vyatta-zone.pl +++ b/scripts/zone-mgmt/vyatta-zone.pl @@ -635,12 +635,32 @@ sub set_default_policy { return; } +sub check_zones_validity { + my $silent = shift; + my $error; + $error = Vyatta::Zone::validity_checks(); + if ($error) { + if ($silent eq 'true') { + # called from from/node.def which is a different transaction + # than everything else under zone-policy. We do not want to + # make chains or insert from rules into chains if we have a + # malfunctioning configuration. We fail in a silent way here + # so that when this function is called from zone-policy/node.def + # we will print the error and not repeat the same error twice + exit 1; + } else { + return ($error , ); + } + } + return; +} + # # main # my ($action, $zone_name, $interface, $from_zone, $ruleset_type, $ruleset_name, - $default_policy); + $default_policy, $silent_validate); GetOptions("action=s" => \$action, "zone-name=s" => \$zone_name, @@ -649,6 +669,7 @@ GetOptions("action=s" => \$action, "ruleset-type=s" => \$ruleset_type, "ruleset-name=s" => \$ruleset_name, "default-policy=s" => \$default_policy, + "silent-validate=s" => \$silent_validate, ); die "undefined action" if ! defined $action; @@ -672,7 +693,7 @@ my ($error, $warning); ($error, $warning) = delete_fromzone_fw($zone_name, $from_zone, $ruleset_type, $ruleset_name) if $action eq 'delete-fromzone-fw'; -($error, $warning) = Vyatta::Zone::validity_checks() +($error, $warning) = check_zones_validity($silent_validate) if $action eq 'validity-checks'; ($error, $warning) = add_localzone($zone_name) diff --git a/templates/zone-policy/node.def b/templates/zone-policy/node.def index 2633101e..c4b62433 100644 --- a/templates/zone-policy/node.def +++ b/templates/zone-policy/node.def @@ -1,5 +1,5 @@ help: Configure zone-policy begin: -if ! /opt/vyatta/sbin/vyatta-zone.pl --action=validity-checks --zone-name=none; then +if ! /opt/vyatta/sbin/vyatta-zone.pl --action=validity-checks --zone-name=none --silent-validate=false; then exit 1 fi diff --git a/templates/zone-policy/zone/node.tag/from/node.def b/templates/zone-policy/zone/node.tag/from/node.def index 5273519a..5e37f9f1 100644 --- a/templates/zone-policy/zone/node.tag/from/node.def +++ b/templates/zone-policy/zone/node.tag/from/node.def @@ -7,6 +7,11 @@ allowed: zones=( /opt/vyatta/config/active/zone-policy/zone/* ) echo -n ${zones[@]##*/} +begin: +if ! /opt/vyatta/sbin/vyatta-zone.pl --action=validity-checks --zone-name=none --silent-validate=true; then + exit 1 +fi + create: parent_zone=$VAR(../@) zones=($VAR(../@@)) |