onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-23 03:37:15 +01:00
Code Issues Releases Wiki Activity

* safety_net_acl: fixed #1687 "temporary access list commands

Browse Source 
syntax is incorrect". Temporary ACL generated for the Procurve
platform was incorrect.
This commit is contained in:
Vadim Kurland 2010-08-18 01:14:14 +00:00
parent cfaf044212
commit 42e3e6f445
4 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_num
View File

@ -1 +1 @@
#define BUILD_NUM 3231
#define BUILD_NUM 3232

4
doc/ChangeLog
View File

@ -1,5 +1,9 @@
2010-08-17 Vadim Kurland <vadim@vk.crocodile.org>
* safety_net_acl: fixed #1687 "temporary access list commands
syntax is incorrect". Temporary ACL generated for the Procurve
platform was incorrect.
* PolicyCompiler_cisco.cpp (PolicyCompiler_cisco::setAllNetworkZonesToAny):
fixed #1690 "IOS ACL and Procurve ACL compilers fail because
interfaces are not assumed to have network zone "any" anymore".

7
src/cisco_lib/CompilerDriver_iosacl.cpp
View File

@ -216,6 +216,13 @@ string CompilerDriver_iosacl::safetyNetInstall(Firewall *fw)
(itype == "8021q"));
configlet.setVariable("management_interface_is_not_vlan",
(itype != "8021q"));
if (itype == "8021q")
configlet.setVariable("management_interface_vlan_id",
ifopt->getInt("vlan_id"));
else
configlet.setVariable("management_interface_vlan_id", "");
break;
}
}

4
src/res/configlets/procurve/safety_net_acl
View File

@ -16,13 +16,13 @@
{{if ipv4}}
{{if management_interface_is_vlan}}
no {{$management_interface}} ip access-group tmp_acl in
no vlan {{$management_interface_vlan_id}} ip access-group tmp_acl in
no ip access-list extended tmp_acl
ip access-list extended tmp_acl
permit ip {{$management_addr}} {{$management_netm}} any
deny ip any any
exit
{{$management_interface}} ip access-group tmp_acl in
vlan {{$management_interface_vlan_id}} ip access-group tmp_acl in
{{endif}}
{{if management_interface_is_not_vlan}}