author | Mohit Mehta <mohit@vyatta.com> | 2010-10-06 16:22:06 -0700 |
---|---|---|
committer | Mohit Mehta <mohit@vyatta.com> | 2010-10-06 16:22:06 -0700 |
commit | 3ec8c3d238895ff09b329eb8d459a4efdc306a87 (patch) | |
tree | 13d10776addea4c02285886d1885d142187b4372 /lib/Vyatta/Zone.pm | |
parent | aeb5e921a30567b13b2e1778778a6cd7523f7322 (diff) | |
* don't allow adding an interface that has content-inspection enabled to a zone
Diffstat (limited to 'lib/Vyatta/Zone.pm')
-rwxr-xr-x | lib/Vyatta/Zone.pm | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/lib/Vyatta/Zone.pm b/lib/Vyatta/Zone.pm
index 0e4981f..b23bc74 100755
--- a/lib/Vyatta/Zone.pm
+++ b/lib/Vyatta/Zone.pm
@@ -171,17 +171,33 @@ sub validity_checks {
 return($returnstring, );
 }
 foreach my $interface (@zone_intfs) {
- # make sure firewall is not applied to this interface
+ # make sure zone features are not being used on zone interface
 my $intf = new Vyatta::Interface($interface);
 if ($intf) {
 my $config = new Vyatta::Config;
 $config->setLevel($intf->path());
+ # make sure firewall is not applied to this interface
 if ($config->exists("firewall in name") ||
 $config->exists("firewall out name") ||
- $config->exists("firewall local name")) {
- $returnstring =
- "interface $interface has firewall configured, " .
- "cannot be defined under a zone";
+ $config->exists("firewall local name") ||
+ $config->exists("firewall in ipv6-name") ||
+ $config->exists("firewall out ipv6-name") ||
+ $config->exists("firewall local ipv6-name")) {
+ $returnstring =
+ "interface $interface has firewall rule-set " .
+ "configured, cannot be defined under a zone";
+ return($returnstring, );
+ }
+ # make sure content-inspection is not applied to this interface
+ if ($config->exists("content-inspection in enable") ||
+ $config->exists("content-inspection out enable") ||
+ $config->exists("content-inspection local enable") ||
+ $config->exists("content-inspection in ipv6-enable") ||
+ $config->exists("content-inspection out ipv6-enable") ||
+ $config->exists("content-inspection local ipv6-enable")) {
+ $returnstring =
+ "interface $interface has content-inspection " .
+ "configured, cannot be defined under a zone";
 return($returnstring, );
 }
 }
|
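Review bot: Both the firewall check and the new content-inspection check run only inside `if ($intf) {`, and the closing braces at the end of the hunk suggest there is no `else`, so an interface for which `new Vyatta::Interface($interface)` returns a false value is accepted into the zone with neither check applied. Unless names are validated earlier in validity_checks (not visible here), the guard should fail closed, for example `else { return("interface $interface could not be resolved, cannot be defined under a zone", ); }`. The guard itself is in context lines rather than added by this commit, and validity_checks starts and ends outside the hunk. A short comment above `if ($intf)` stating what a false return means would also help the next reader.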