diff options
| author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-04-27 17:12:49 -0700 |
|---|---|---|
| committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-04-27 17:12:49 -0700 |
| commit | d6e357fada10218046dca471a2cffc055eaedc12 (patch) | |
| tree | 37e8af367d0e79ba5eb916c2b51a39ceb8d3f633 /lib | |
| parent | 58dfbcf34bd992567d58f14bcb09294dc97a9297 (diff) | |
| download | vyatta-cfg-d6e357fada10218046dca471a2cffc055eaedc12.tar.gz vyatta-cfg-d6e357fada10218046dca471a2cffc055eaedc12.zip | |
outlaw adding an interface to a zone that has firewall configured for it
Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/Vyatta/Zone.pm | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/Vyatta/Zone.pm b/lib/Vyatta/Zone.pm index ed55e42..a07d2cd 100755 --- a/lib/Vyatta/Zone.pm +++ b/lib/Vyatta/Zone.pm @@ -25,6 +25,7 @@ package Vyatta::Zone; use Vyatta::Config; use Vyatta::Misc; +use Vyatta::Interface; use strict; use warnings; @@ -153,8 +154,20 @@ sub validity_checks { $returnstring = "local-zone cannot have interfaces defined"; return($returnstring, ); } - # make sure an interface is not defined under two zones foreach my $interface (@zone_intfs) { + # make sure firewall is not applied to this interface + my $intf = new Vyatta::Interface($interface); + if ($intf) { + my $config = new Vyatta::Config; + $config->setLevel($intf->path()); + if ($config->exists("firewall")) { + $returnstring = + "interface $interface has firewall configured, " . + "cannot be defined under a zone"; + return($returnstring, ); + } + } + # make sure an interface is not defined under two zones if (scalar(grep(/^$interface$/, @all_interfaces)) > 0) { return ("$interface defined under two zones", ); } else { |