 debian/changelog                                      |    6 +++
 scripts/vyatta-zone-ips.pl                            |   10 +++--
 scripts/vyatta-zone.pl                                |   14 +++++++
 templates-cfg/zone-policy/node.def                    |    2 -
 templates-cfg/zone-policy/zone/node.tag/from/node.def |   32 ++----------------
 5 files changed, 30 insertions(+), 34 deletions(-)

New commits:
commit 0dacd320080b04d15332b7790d591ec757297707
Author: Mohit Mehta <[email protected]>
Date:   Thu Jun 16 13:02:43 2011 -0700

    0.10

commit dfa0b5ee3b2578ddc62b19c00b7be1711b89f47e
Author: Mohit Mehta <[email protected]>
Date:   Thu Jun 16 12:46:06 2011 -0700

    Bug 7154 Priority inversion error when deleting zone policy

    * Inverted Zone priorities to comply with new commit implementation.

    Previously, Zone priorities were:
    245 zone-policy/zone/node.tag/from # after firewall, content-inspection
    250 zone-policy # after zone-policy/zone/node.tag/from/

    Now, Zone priorities look like this:
    250 zone-policy # after firewall, content-inspection
    251 zone-policy/zone/node.tag/from # after zone-policy

    This required an in-depth look at all zone-policy templates and all of
    Zone FW and IPS code to make sure that all of the different combinations
    of actions under zone-policy still work right. The combination of actions
    that needed most attention are the ones where actions in one priority are
    executed in the same commit as actions in other priority.

    Example "deleting the only interface in a zone and also, modifying
    firewall ruleset from that zone to another zone and deleting
    content-inspection from that zone to another zone"

    vyatta@vDUT-5# compare
    [edit zone-policy zone dmz]
    -interface eth0
    [edit zone-policy zone lan from dmz]
    -content-inspection {
    -    enable
    -}
    [edit zone-policy zone lan from dmz firewall]
    >name allow_all_another
    [edit]

http://suva.vyatta.com/git/?p=vyatta-zone.git;a=commitdiff;h=0dacd320080b04d15332b7790d591ec757297707
http://suva.vyatta.com/git/?p=vyatta-zone.git;a=commitdiff;h=dfa0b5ee3b2578ddc62b19c00b7be1711b89f47e
_______________________________________________
svn mailing list
[email protected]
http://mailman.vyatta.com/mailman/listinfo/svn
