mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-19 04:41:07 +01:00
Improve undefined interface checking
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1225 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
9ddf679cf6
commit
058de7b9b1
@ -483,11 +483,27 @@ match_dest_hosts()
|
|||||||
# Similarly, the source or destination in a rule can be qualified by a device name. If
|
# Similarly, the source or destination in a rule can be qualified by a device name. If
|
||||||
# the device is defined in /etc/shorewall/interfaces then a normal interface match is
|
# the device is defined in /etc/shorewall/interfaces then a normal interface match is
|
||||||
# generated (-i or -o); otherwise, a physdev match is generated.
|
# generated (-i or -o); otherwise, a physdev match is generated.
|
||||||
|
#-------------------------------------------------------------------------------------
|
||||||
#
|
#
|
||||||
|
# loosely match the passed interface with those in /etc/shorewall/interfaces.
|
||||||
|
#
|
||||||
|
known_interface() # $1 = interface name
|
||||||
|
{
|
||||||
|
local iface
|
||||||
|
|
||||||
|
for iface in $all_interfaces ; do
|
||||||
|
if if_match $iface $1 ; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
match_source_dev()
|
match_source_dev()
|
||||||
{
|
{
|
||||||
if [ -n "$BRIDGING" ]; then
|
if [ -n "$BRIDGING" ]; then
|
||||||
list_search $1 $all_interfaces && echo -i $1 || physdev_echo "--physdev-in $1"
|
known_interface $1 && echo -i $1 || physdev_echo "--physdev-in $1"
|
||||||
else
|
else
|
||||||
echo -i $1
|
echo -i $1
|
||||||
fi
|
fi
|
||||||
@ -496,7 +512,7 @@ match_source_dev()
|
|||||||
match_dest_dev()
|
match_dest_dev()
|
||||||
{
|
{
|
||||||
if [ -n "$BRIDGING" ]; then
|
if [ -n "$BRIDGING" ]; then
|
||||||
list_search $1 $all_interfaces && echo -o $1 || physdev_echo "--physdev-out $1"
|
known_interface $1 && echo -o $1 || physdev_echo "--physdev-out $1"
|
||||||
else
|
else
|
||||||
echo -o $1
|
echo -o $1
|
||||||
fi
|
fi
|
||||||
@ -652,10 +668,10 @@ validate_interfaces_file() {
|
|||||||
wildcard=
|
wildcard=
|
||||||
|
|
||||||
case $interface in
|
case $interface in
|
||||||
*:*)
|
*:*|+)
|
||||||
startup_error "Invalid Interface Name: $interface"
|
startup_error "Invalid Interface Name: $interface"
|
||||||
;;
|
;;
|
||||||
*+*)
|
*+)
|
||||||
wildcard=Yes
|
wildcard=Yes
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
@ -502,11 +502,11 @@ ip_vlsm() {
|
|||||||
|
|
||||||
#
|
#
|
||||||
# Chain name base for an interface -- replace all periods with underscores in the passed name.
|
# Chain name base for an interface -- replace all periods with underscores in the passed name.
|
||||||
# The result is echoed (less "+" and anything following).
|
# The result is echoed (less trailing "+").
|
||||||
#
|
#
|
||||||
chain_base() #$1 = interface
|
chain_base() #$1 = interface
|
||||||
{
|
{
|
||||||
local c=${1%%+*}
|
local c=${1%%+}
|
||||||
|
|
||||||
while true; do
|
while true; do
|
||||||
case $c in
|
case $c in
|
||||||
@ -524,31 +524,18 @@ chain_base() #$1 = interface
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Remove trailing digits from a name
|
|
||||||
#
|
|
||||||
strip_trailing_digits() {
|
|
||||||
echo $1 | sed s'/[0-9].*$//'
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Loosly Match the name of an interface
|
# Loosly Match the name of an interface
|
||||||
#
|
#
|
||||||
|
|
||||||
if_match() # $1 = Name in interfaces file - may end in "+"
|
if_match() # $1 = Name in interfaces file - may end in "+"
|
||||||
# $2 = Name from routing table
|
# $2 = Full interface name - may also end in "+"
|
||||||
{
|
{
|
||||||
local if_file=$1
|
local pattern=${1%+}
|
||||||
local rt_table=$2
|
local interface=${2%+}
|
||||||
|
|
||||||
|
test "x${interface:0:${#pattern}}" = "x${pattern}"
|
||||||
|
|
||||||
case $if_file in
|
|
||||||
*+)
|
|
||||||
test "$(strip_trailing_digits $rt_table)" = "${if_file%+}"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
test "$rt_table" = "$if_file"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user