From 8311259a6e2a6ac475c3d8c9a2df099469bf8277 Mon Sep 17 00:00:00 2001
From: Eric Garver
Date: Wed, 27 Oct 2021 10:13:59 -0400
Subject: [PATCH 45/50] fix(zone): detect same source/interface in zones
Fixes: rhbz2014383
(cherry picked from commit 4b721abb087a529596722a045a63a65af2e0566a)
(cherry picked from commit 081fcfe7b255b2e0f91c4a3dc55539e4cfd4b7d1)
---
 src/firewall/core/io/zone.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/firewall/core/io/zone.py b/src/firewall/core/io/zone.py
index 3aea94a13155..4291ec9cba00 100644
--- a/src/firewall/core/io/zone.py
+++ b/src/firewall/core/io/zone.py
@@ -193,11 +193,26 @@ class Zone(IO_Object):
 for interface in config:
 if not checkInterface(interface):
 raise FirewallError(errors.INVALID_INTERFACE, interface)
+ if self.fw_config:
+ for zone in self.fw_config.get_zones():
+ if zone == self.name:
+ continue
+ if interface in self.fw_config.get_zone(zone).interfaces:
+ raise FirewallError(errors.INVALID_INTERFACE,
+ "interface '{}' already bound to zone '{}'".format(interface, zone))
 elif item == "sources":
 for source in config:
 if not checkIPnMask(source) and not checkIP6nMask(source) and \
 not check_mac(source) and not source.startswith("ipset:"):
 raise FirewallError(errors.INVALID_ADDR, source)
+ if self.fw_config:
+ for zone in self.fw_config.get_zones():
+ if zone == self.name:
+ continue
+ if source in self.fw_config.get_zone(zone).sources:
+ raise FirewallError(errors.INVALID_ADDR,
+ "source '{}' already bound to zone '{}'".format(source, zone))
+
 def check_name(self, name):
 super(Zone, self).check_name(name)
--
2.27.0
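Review bot: The duplicate check in the `sources` branch is an exact string comparison (`source in self.fw_config.get_zone(zone).sources`), so the same address spelled differently in two zone files — a MAC in a different letter case, or presumably `10.0.0.1` against `10.0.0.1/32` — would still pass validation and leave one source bound to two zones, making it ambiguous which zone's policy applies to that traffic. Comparing normalised forms would close the gap; at minimum the limitation deserves a comment such as `# exact string match only: equivalent spellings of one address are not detected`. Both new branches also report the conflict with `errors.INVALID_INTERFACE` / `errors.INVALID_ADDR`, which a caller cannot tell apart from a malformed value; a dedicated conflict code, if the errors module provides one, would be clearer. The enclosing method begins above the hunk, so how `self.fw_config` gets set (and when it is falsy, which skips both checks) is not visible here.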