[OS-891] Setting allow_ip_spoofing = 1 in zone xml does not disable L3PROTECT

2 files changed, 2 insertions, 4 deletions

diff --git a/usr/src/lib/brand/joyent/zone/statechange.ksh b/usr/src/lib/brand/joyent/zone/statechange.ksh
index 70be7819b4..97b041528a 100644
--- a/usr/src/lib/brand/joyent/zone/statechange.ksh
+++ b/usr/src/lib/brand/joyent/zone/statechange.ksh
@@ -248,7 +248,6 @@ setup_net()
 		fi
 		if [[ $allow_ip_spoof != "1" ]]; then
 			spoof_opts="${spoof_opts}${comma}ip-nospoof"
-			ip_spoof_enabled="true"
 			comma=","
 		fi
 		if [[ $allow_restricted_traffic != "1" ]]; then
@@ -288,7 +287,7 @@ setup_net()
 			fi
 		fi
 
-		if [[ -n "${zone_ip}" ]] && [[ -n "${ip_spoof_enabled}" ]] && \
+		if [[ -n "${zone_ip}" ]] && [[ $allow_ip_spoof != "1" ]] && \
 			    [[ "${zone_ip}" != "dhcp" ]]; then
 			dladm set-linkprop -t -z $ZONENAME \
 			    -p "allowed-ips=${zone_ip}" ${nic}
diff --git a/usr/src/lib/brand/kvm/zone/statechange.ksh b/usr/src/lib/brand/kvm/zone/statechange.ksh
index 22f647775a..efb10be50e 100755
--- a/usr/src/lib/brand/kvm/zone/statechange.ksh
+++ b/usr/src/lib/brand/kvm/zone/statechange.ksh
@@ -221,7 +221,6 @@ setup_net()
 		fi
 		if [[ $allow_ip_spoof != "1" ]]; then
 			spoof_opts="${spoof_opts}${comma}ip-nospoof"
-			ip_spoof_enabled="true"
 			comma=","
 		fi
 		if [[ $allow_restricted_traffic != "1" ]]; then
@@ -244,7 +243,7 @@ setup_net()
 			fi
 		fi
 
-		if [[ -n "${zone_ip}" ]] && [[ -n "${ip_spoof_enabled}" ]] && \
+		if [[ -n "${zone_ip}" ]] && [[ $allow_ip_spoof != "1" ]] && \
 			    [[ "${zone_ip}" != "dhcp" ]]; then
 			dladm set-linkprop -t -z $ZONENAME \
 			    -p "allowed-ips=${zone_ip}" ${nic}