authorMohit Mehta <mohit.mehta@vyatta.com>2009-04-27 17:12:49 -0700
committerMohit Mehta <mohit.mehta@vyatta.com>2009-04-27 17:12:49 -0700
commitd6e357fada10218046dca471a2cffc055eaedc12 (patch)
tree37e8af367d0e79ba5eb916c2b51a39ceb8d3f633 /lib/Vyatta/Zone.pm
parent58dfbcf34bd992567d58f14bcb09294dc97a9297 (diff)
outlaw adding an interface that has firewall configured on it to a zone
Diffstat (limited to 'lib/Vyatta/Zone.pm')
-rwxr-xr-xlib/Vyatta/Zone.pm15
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/Vyatta/Zone.pm b/lib/Vyatta/Zone.pm
index ed55e42..a07d2cd 100755
--- a/lib/Vyatta/Zone.pm
+++ b/lib/Vyatta/Zone.pm
@@ -25,6 +25,7 @@ package Vyatta::Zone;
use Vyatta::Config;
use Vyatta::Misc;
+use Vyatta::Interface;
use strict;
use warnings;
@@ -153,8 +154,20 @@ sub validity_checks {
$returnstring = "local-zone cannot have interfaces defined";
return($returnstring, );
}
- # make sure an interface is not defined under two zones
foreach my $interface (@zone_intfs) {
+ # make sure firewall is not applied to this interface
+ my $intf = new Vyatta::Interface($interface);
+ if ($intf) {
+ my $config = new Vyatta::Config;
+ $config->setLevel($intf->path());
+ if ($config->exists("firewall")) {
+ $returnstring =
+ "interface $interface has firewall configured, " .
+ "cannot be defined under a zone";
+ return($returnstring, );
+ }
+ }
+ # make sure an interface is not defined under two zones
if (scalar(grep(/^$interface$/, @all_interfaces)) > 0) {
return ("$interface defined under two zones", );
} else {
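Review bot: The added firewall check fails open when the interface object cannot be built: `if ($intf)` has no else branch, so if the `Vyatta::Interface` constructor returns a false value (presumably for a name it does not recognise) the loop falls through to the two-zones test and the interface is accepted without its firewall configuration being looked at. For a validity check that enforces a policy boundary, rejecting is the safer default, e.g. `return("interface $interface is not a valid interface", ) unless $intf;` placed before the config lookup. As smaller points, the `Vyatta::Config` object can be created once before the `foreach` rather than per interface, and `Vyatta::Interface->new($interface)` avoids the indirect-object syntax. validity_checks starts and ends outside this hunk, so whether an earlier step already rejects unknown interface names is not visible here.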