From 6f1a6a7e8dd8bd5315a0faa128db9eafced5cff2 Mon Sep 17 00:00:00 2001
From: Mohit Mehta
Date: Wed, 24 Mar 2010 15:22:41 -0700
Subject: Fix Bug 5487 http redirect url address placed on the router gets blocked by local-zone's firewall when using Zone Based Firewall * changed local zones INPUT and OUTPUT chain rules to allow all local-zone traffic on the loopback interface rather than using address 127.0.0.1 which was too restrictive and blocked certain traffic initiated from and going to local-zone itself. This is compliant with the Zone Concept and similar to what's done for other transient zones as well where rules are interface based
---
 templates/zone-policy/zone/node.tag/interface/node.def | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'templates/zone-policy')
diff --git a/templates/zone-policy/zone/node.tag/interface/node.def b/templates/zone-policy/zone/node.tag/interface/node.def
index 845a5e8c..64a3c2fc 100644
--- a/templates/zone-policy/zone/node.tag/interface/node.def
+++ b/templates/zone-policy/zone/node.tag/interface/node.def
@@ -3,6 +3,8 @@ type: txt
 help: Set interface associated with zone
 allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=all | sed -e s/'lo '//
+syntax:expression: $VAR(@) != "lo" ; "Cannot assign loopback interface to a transit zone. It's part of local-zone"
+
 create: /opt/vyatta/sbin/vyatta-interfaces.pl --dev=$VAR(@) --warn
 create:
-- cgit v1.2.3
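Review bot: The added `syntax:expression` line hard-codes the name `lo` a second time (the `allowed:` sed filter above it already does) and carries no comment saying why, so the two can drift apart and the reason lives only in the commit message. A comment above it such as `# lo belongs to local-zone (its INPUT/OUTPUT rules match on the loopback interface); never allow it in a transit zone` would keep that reasoning with the template. The comparison is exact, so it covers only the literal name `lo`; whether loopback can ever appear under another name on this platform is not visible here and is worth confirming. If this expression is also evaluated when a saved configuration is loaded, an existing config that lists `lo` under a zone would presumably be rejected after upgrade, and a zone policy that loads only in part is not the firewall state the operator intended, so a migration step or release note may be needed.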