Properly handle deleted zones and ipsets on restarts
diff --git a/zones.c b/zones.c
index a2ace47..a9a559e 100644 (file)
--- a/zones.c
+++ b/zones.c
@@ -73,15 +73,15 @@ const struct fw3_option fw3_zone_opts[] = {
 
        FW3_LIST("network",            device,   zone,     networks),
        FW3_LIST("device",             device,   zone,     devices),
-       FW3_LIST("subnet",             address,  zone,     subnets),
+       FW3_LIST("subnet",             network,  zone,     subnets),
 
        FW3_OPT("input",               target,   zone,     policy_input),
        FW3_OPT("forward",             target,   zone,     policy_forward),
        FW3_OPT("output",              target,   zone,     policy_output),
 
        FW3_OPT("masq",                bool,     zone,     masq),
-       FW3_LIST("masq_src",           address,  zone,     masq_src),
-       FW3_LIST("masq_dest",          address,  zone,     masq_dest),
+       FW3_LIST("masq_src",           network,  zone,     masq_src),
+       FW3_LIST("masq_dest",          network,  zone,     masq_dest),
 
        FW3_OPT("extra",               string,   zone,     extra_src),
        FW3_OPT("extra_src",           string,   zone,     extra_src),
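Review bot: Moving `subnet`, `masq_src` and `masq_dest` from the `address` parser to the `network` parser changes what these options accept, and nothing next to the table records that. These three options decide which traffic a zone matches and which traffic is masqueraded, so a value accepted by one parser and rejected by the other would quietly change the emitted ruleset. Neither parser is visible in this hunk, so this should be checked against existing configurations. I would add a comment above the entries, e.g. `/* subnet, masq_src and masq_dest use the network parser; entries are filtered per family when rules are printed */`. The fw3_zone_opts table starts and ends outside this hunk.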
@@ -462,9 +462,13 @@ print_zone_rule(struct fw3_state *state, enum fw3_family family,
                        fw3_foreach(msrc, &zone->masq_src)
                        fw3_foreach(mdest, &zone->masq_dest)
                        {
-                               fw3_pr("-A zone_%s_postrouting ", zone->name);
+                               if (!fw3_is_family(msrc, family) ||
+                                   !fw3_is_family(mdest, family))
+                                       continue;
+
+                               fw3_pr("-A zone_%s_postrouting", zone->name);
                                fw3_format_src_dest(msrc, mdest);
-                               fw3_pr("-j MASQUERADE\n");
+                               fw3_pr(" -j MASQUERADE\n");
                        }
                }
                break;
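Review bot: The added family check silently skips a masq_src/masq_dest pair when either entry fails `fw3_is_family`, so one mismatched entry removes every combination it takes part in and the user gets no MASQUERADE rule and no diagnostic. Whether an unset or wildcard entry passes `fw3_is_family` is not visible here and should be confirmed, because otherwise a zone with `masq` enabled could end up with no masquerade rule at all. With the trailing space dropped from the `-A` line, the output is only well formed if `fw3_format_src_dest` starts each match with a space. A comment such as `/* fw3_format_src_dest() prefixes every match with a space */` would pin that contract. The loop sits inside print_zone_rule, which starts and ends outside the hunk.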
@@ -484,7 +488,8 @@ fw3_print_zone_chains(struct fw3_state *state, enum fw3_family family,
        struct fw3_zone *zone;
 
        list_for_each_entry(zone, &state->zones, list)
-               print_zone_chain(state, family, table, reload, zone);
+               if (!hasbit(zone->flags[0], FW3_FLAG_DELETED))
+                       print_zone_chain(state, family, table, reload, zone);
 }
 
 void
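Review bot: The deleted-zone test reads `zone->flags[0]` regardless of the `family` argument, and the literal index is unexplained. If FW3_FLAG_DELETED can be recorded in another slot, a zone marked deleted there would still have its chains printed and stale rules would survive the restart. Please confirm and document it, e.g. `/* FW3_FLAG_DELETED is only ever set in flags[0] */` if that is the case, or move the test into a small helper so the identical check in fw3_print_zone_rules (next hunk) cannot drift. The `if` is also the unbraced body of `list_for_each_entry`, and bracing the loop body would make the nesting explicit. fw3_print_zone_chains starts outside the hunk.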
@@ -494,7 +499,8 @@ fw3_print_zone_rules(struct fw3_state *state, enum fw3_family family,
        struct fw3_zone *zone;
 
        list_for_each_entry(zone, &state->zones, list)
-               print_zone_rule(state, family, table, reload, zone);
+               if (!hasbit(zone->flags[0], FW3_FLAG_DELETED))
+                       print_zone_rule(state, family, table, reload, zone);
 }
 
 void