diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index 90b6cb8d3..8039911fd 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -49,7 +49,7 @@ our $export; our $test; -our $family = F_IPV4; +our $family; # # Initilize the package-globals in the other modules diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 6c982ef89..06045c650 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -683,15 +683,16 @@ sub cleanup() { # # Close files first in case we're running under Cygwin # - close $object if $object; - close $scriptfile if $scriptfile; - close $log if $log; + close $object, $object = undef if $object; + close $scriptfile, $scriptfile = undef if $scriptfile; + close $log, $log = undef if $log; # # Unlink temporary files # - unlink $tempfile if $tempfile; - unlink $scriptfilename if $scriptfilename; + unlink $tempfile, $tempfile = undef if $tempfile; + unlink $scriptfilename, $scriptfilename = undef if $scriptfilename; unlink $_ for @tempfiles; + @tempfiles = (); } # diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 30e1a6b5b..940eb03ad 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -359,8 +359,8 @@ sub process_zone( \$ ) { fatal_error "Invalid zone name ($zone)" if $reservedName{$zone} || $zone =~ /^all2|2all$/; fatal_error( "Duplicate zone name ($zone)" ) if $zones{$zone}; - if ( $type =~ /ipv([46])?/i ) { - fatal_error "Invalid zone type ($type)" if $1 && $1 != $family; + if ( $type =~ /^ip(v([46]))?$/i ) { + fatal_error "Invalid zone type ($type)" if $1 && $2 != $family; $type = IP; $$ip = 1; } elsif ( $type =~ /^ipsec([46])?$/i ) { diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 007ed89d7..37fb0bbff 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt 
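Review bot: `our $family;` no longer has a default, so any code that reads it before it is assigned now sees undef instead of F_IPV4. The assignment is not visible in this hunk; presumably it happens in the initialization code that the following comment introduces. If it were ever skipped, the `$2 != $family` test in the Zones.pm hunk would compare against undef (numerically 0) and reject both `ipv4` and `ipv6` with an uninitialized-value warning rather than a clear error. A comment on the declaration would record the new contract, e.g. `our $family; # no default: must be assigned before the other modules are initialized`.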
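Review bot: The two rewritten `unlink` lines in cleanup() most likely stop removing the files. Unlike `close`, `unlink` is a list operator, so `unlink $tempfile, $tempfile = undef` parses as one call with two arguments, and both refer to the same variable, which the assignment has already set to undef by the time unlink runs. The temporary file and the script file would then be left on disk, with an uninitialized-value warning in place of the deletion. Parenthesising the argument keeps the reset outside the call: `unlink( $tempfile ), $tempfile = undef if $tempfile;` and likewise `unlink( $scriptfilename ), $scriptfilename = undef if $scriptfilename;`. The `close` lines are not affected because `close` takes a single argument; cleanup() starts above this hunk.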
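Review bot: The outer group in `/^ip(v([46]))?$/i` is captured only so that `$1` can act as a presence flag while `$2` carries the digit, which reads differently from the `ipsec([46])?` pattern on the branch just below. A non-capturing group keeps the two branches parallel: `if ( $type =~ /^ip(?:v([46]))?$/i ) {` with `if $1 && $1 != $family;`. A short comment listing the accepted spellings (`ip`, `ipv4`, `ipv6`, case-insensitive) would also record why the anchors must stay. process_zone continues outside the hunk.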
@@ -29,6 +29,8 @@ Changes in Shorewall 4.4.1 14) Fix rule generated by MULTICAST=Yes +15) Fix silly hole in zones file parsing. + Changes in Shorewall 4.4.0 1) Fix 'compile ... -' so that it no longer requires '-v-1' diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index cac0f2141..40bb8d013 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -255,6 +255,10 @@ None. /etc/shorewall/interfaces, multicast traffic will now be sent to the zone along with limited broadcasts. +5) A flaw in the parsing logic for the zones file allowed most zone + types containing the character string 'ip' to be accepted as a + synonym for 'ipv4' (or ipv6 if compiling an IPv6 configuration). + ---------------------------------------------------------------------------- N E W F E A T U R E S I N 4 . 4 ----------------------------------------------------------------------------