@@ -3,6 +3,7 @@

+  * forbid_remote is a per-tunnel option.

diff --git a/changelog b/changelog
index efda19098d3e7770bdb807abd59276dca7b9f877..68efa1b8257de12fe2decb3cdc3e02027fd6f9a4 100644 (file)
--- a/changelog
+++ b/changelog
@@ -3,6 +3,7 @@ userv-utils (0.2.2) unstable; urgency=low
   * udptunnel-reconf default script pauses for 10s between restarts.
   * udptunnel-reconf inittab entries default to having </dev/null.
   * udptunnel-reconf understands forbid_remote set to `-'.
+  * forbid_remote is a per-tunnel option.
   * www-cgi passes HTTP_COOKIE header.
 
  --

diff --git a/ipif/udptunnel-reconf.pl b/ipif/udptunnel-reconf.pl
index 489593d32735e4999c8f1b6536e93c7a3bffd51e..1c23f3dd0a5428a56816d630c43cfcec8535cfe9 100755 (executable)
--- a/ipif/udptunnel-reconf.pl
+++ b/ipif/udptunnel-reconf.pl
@@ -17,7 +17,7 @@
 # along with userv-utils; if not, write to the Free Software
 # Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 #
-# $Id: udptunnel-reconf.pl,v 1.3 2001/09/26 00:12:14 ian Exp $
+# $Id: udptunnel-reconf.pl,v 1.4 2001/09/26 00:18:56 ian Exp $
 
 use Socket;
 
@@ -94,14 +94,6 @@ sub parse_addr_mask ($) {
     return ($iaddr, $mask);
 }
 
-$forbid_remote= var_global('forbid_remote');
-@forbid_remote= ();
-if ($forbid_remote ne '-') {
-    foreach $r (split /[, \t]+/, $forbid_remote) {
-       push @forbid_remote, [ parse_addr_mask($r) ];
-    }
-}
-
 sub ipif_permit ($$$$) {
     my ($group,$local,$net,$why) = @_;
     my ($pmask,$piaddr,$fmask,$fiaddr,@lgroup,$lgid);
@@ -133,6 +125,14 @@ if ($glend !~ m/^V_/ && $glgroup !~ m/^V_/ &&
 }
 
 foreach $site (@actives, @passives) {
+    $forbid_remote= var_site('forbid_remote');
+    @forbid_remote= ();
+    if ($forbid_remote ne '-') {
+       foreach $r (split /[, \t]+/, $forbid_remote) {
+           push @forbid_remote, [ parse_addr_mask($r) ];
+       }
+    }
+
     $tlend= var_site('lend')."/32";
     $tlgroup= var_site('lgroup');
     if ($tlend ne $glend || $tlgroup ne $glgroup) {