author | Mohit Mehta <mohit.mehta@vyatta.com> | 2010-03-24 15:22:41 -0700 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2010-03-24 15:22:41 -0700 |
commit | 6f1a6a7e8dd8bd5315a0faa128db9eafced5cff2 (patch) | |
tree | 7d71a4f812badd924207c9a204de2f84000c23f7 /templates | |
parent | c90ed03225e252fd029c752496f4bf4d850b0194 (diff) | |
download | vyatta-cfg-system-6f1a6a7e8dd8bd5315a0faa128db9eafced5cff2.tar.gz vyatta-cfg-system-6f1a6a7e8dd8bd5315a0faa128db9eafced5cff2.zip |
Fix Bug 5487 http redirect url address placed on the router gets blocked by
local-zone's firewall when using Zone Based Firewall
* changed local zone's INPUT and OUTPUT chain rules to allow all local-zone
traffic on the loopback interface rather than using address 127.0.0.1 which
was too restrictive and blocked certain traffic initiated from and going to
local-zone itself. This is compliant with the Zone Concept and similar to
what's done for other transient zones as well where rules are interface based
Diffstat (limited to 'templates')
-rw-r--r-- | templates/zone-policy/zone/node.tag/interface/node.def | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/templates/zone-policy/zone/node.tag/interface/node.def b/templates/zone-policy/zone/node.tag/interface/node.def index 845a5e8c..64a3c2fc 100644 --- a/templates/zone-policy/zone/node.tag/interface/node.def +++ b/templates/zone-policy/zone/node.tag/interface/node.def @@ -3,6 +3,8 @@ type: txt help: Set interface associated with zone allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=all | sed -e s/'lo '// +syntax:expression: $VAR(@) != "lo" ; "Cannot assign loopback interface to a transit zone. It's part of local-zone" + create: /opt/vyatta/sbin/vyatta-interfaces.pl --dev=$VAR(@) --warn create: |
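Review bot: the added `syntax:expression: $VAR(@) != "lo"` line only rejects the exact string "lo", while the `allowed:` line just above it filters the completion list with `sed -e s/'lo '//`, which removes the first "lo " substring wherever it occurs and so can also clip an interface whose name merely ends in "lo". Consider filtering on the whole name in the `allowed:` helper so the completion list and the validation agree on what counts as the loopback interface. The error text says "transit zone" while the commit message says "transient zones"; use one term in both places. The INPUT and OUTPUT chain change described in the commit message is not among these lines (the diffstat is limited to 'templates'), so the switch from matching 127.0.0.1 to matching the loopback interface should be reviewed together with this check, since this validation is what keeps `lo` from being claimed by another zone once the local-zone rules become interface based.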