onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-24 20:27:22 +01:00
Code Issues Releases Wiki Activity

see #133 #2097 skip bridge ports while doing negation in interface column, unless firewall is a bridge

Browse Source
This commit is contained in:
Vadim Kurland 2011-02-17 18:33:44 -08:00
parent 581ccdc68e
commit 698286100a
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libfwbuilder/src/fwcompiler/Compiler.cpp
View File

@ -859,6 +859,8 @@ bool Compiler::interfaceNegationInRE::processNext()
if (itfre==NULL)
compiler->abort(rule, "Missing interface rule element");
FWOptions *fwopt = compiler->getCachedFwOpt();
if (itfre->getNeg())
{
// Use getByTypeDeep() to pick subinterfaces (vlans and such)
@ -874,6 +876,10 @@ bool Compiler::interfaceNegationInRE::processNext()
if (intf == NULL) continue;
if (intf->isUnprotected()) continue;
if (intf->isLoopback()) continue;
// skip bridge ports, but use them if this is bridging firewall
if ( ! fwopt->getBool("bridging_fw") && intf->isBridgePort()) continue;
if (intf->getOptionsObject()->getBool("cluster_interface")) continue;
work_interfaces.push_back(intf);
}