authorMohit Mehta <mohit@vyatta.com>2010-10-06 16:22:06 -0700
committerMohit Mehta <mohit@vyatta.com>2010-10-06 16:22:06 -0700
commit3ec8c3d238895ff09b329eb8d459a4efdc306a87 (patch)
tree13d10776addea4c02285886d1885d142187b4372 /lib
parentaeb5e921a30567b13b2e1778778a6cd7523f7322 (diff)
* don't allow adding an interface to a zone that has content-inspection enabled
Diffstat (limited to 'lib')
-rwxr-xr-xlib/Vyatta/Zone.pm26
1 files changed, 21 insertions, 5 deletions
diff --git a/lib/Vyatta/Zone.pm b/lib/Vyatta/Zone.pm
index 0e4981f..b23bc74 100755
--- a/lib/Vyatta/Zone.pm
+++ b/lib/Vyatta/Zone.pm
@@ -171,17 +171,33 @@ sub validity_checks {
return($returnstring, );
}
foreach my $interface (@zone_intfs) {
- # make sure firewall is not applied to this interface
+ # make sure zone features are not being used on zone interface
my $intf = new Vyatta::Interface($interface);
if ($intf) {
my $config = new Vyatta::Config;
$config->setLevel($intf->path());
+ # make sure firewall is not applied to this interface
if ($config->exists("firewall in name") ||
$config->exists("firewall out name") ||
- $config->exists("firewall local name")) {
- $returnstring =
- "interface $interface has firewall configured, " .
- "cannot be defined under a zone";
+ $config->exists("firewall local name") ||
+ $config->exists("firewall in ipv6-name") ||
+ $config->exists("firewall out ipv6-name") ||
+ $config->exists("firewall local ipv6-name")) {
+ $returnstring =
+ "interface $interface has firewall rule-set " .
+ "configured, cannot be defined under a zone";
+ return($returnstring, );
+ }
+ # make sure content-inspection is not applied to this interface
+ if ($config->exists("content-inspection in enable") ||
+ $config->exists("content-inspection out enable") ||
+ $config->exists("content-inspection local enable") ||
+ $config->exists("content-inspection in ipv6-enable") ||
+ $config->exists("content-inspection out ipv6-enable") ||
+ $config->exists("content-inspection local ipv6-enable")) {
+ $returnstring =
+ "interface $interface has content-inspection " .
+ "configured, cannot be defined under a zone";
return($returnstring, );
}
}
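Review bot: The new content-inspection test, like the firewall test above it, runs only inside `if ($intf)`, so an interface name for which `new Vyatta::Interface($interface)` yields a false value leaves the loop iteration with neither check applied and no error. If that constructor can fail for names that are accepted under a zone (not visible from this hunk), validation should fail closed, for example with `else { return("interface $interface is not recognised, cannot be defined under a zone", ); }` on the `if ($intf)` block. Separately, the twelve `exists` paths differ only in feature, direction and the `ipv6-` prefix, so building them in a loop over `in`/`out`/`local` would keep the IPv4 and IPv6 lists from drifting apart. `validity_checks` and the `foreach` both start or end outside the hunk, so an earlier check may already cover the first point.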