Disallow more than one address[-range] in SNAT rules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-10-31 15:15:35 -07:00
parent 3a70185284
commit 3f68814a38
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
6 changed files with 8 additions and 6 deletions

View File

@ -232,7 +232,7 @@ sub process_one_masq1( $$$$$$$$$$$$ )
my $addrlist = ''; my $addrlist = '';
my @addrs = split_list $addresses, 'address'; my @addrs = split_list $addresses, 'address';
fatal_error "Only one IPv6 ADDRESS may be specified" if $family == F_IPV6 && @addrs > 1; fatal_error "Only one ADDRESS may be specified" if @addrs > 1;
for my $addr ( @addrs ) { for my $addr ( @addrs ) {
if ( $addr =~ /^([&%])(.+)$/ ) { if ( $addr =~ /^([&%])(.+)$/ ) {

View File

@ -5456,6 +5456,7 @@ sub process_snat1( $$$$$$$$$$$$ ) {
my $rule = ''; my $rule = '';
my $saveaddresses = $addresses; my $saveaddresses = $addresses;
my $savetarget = $target; my $savetarget = $target;
my $savebaserule = $baserule;
my $interface = $fullinterface; my $interface = $fullinterface;
$interface =~ s/:.*//; #interface name may include 'alias' $interface =~ s/:.*//; #interface name may include 'alias'
@ -5509,7 +5510,7 @@ sub process_snat1( $$$$$$$$$$$$ ) {
my $addrlist = ''; my $addrlist = '';
my @addrs = split_list $addresses, 'address'; my @addrs = split_list $addresses, 'address';
fatal_error "Only one IPv6 ADDRESS may be specified" if $family == F_IPV6 && @addrs > 1; fatal_error "Only one ADDRESS may be specified" if @addrs > 1;
for my $addr ( @addrs ) { for my $addr ( @addrs ) {
if ( $addr =~ /^([&%])(.+)$/ ) { if ( $addr =~ /^([&%])(.+)$/ ) {
@ -5724,6 +5725,7 @@ sub process_snat1( $$$$$$$$$$$$ ) {
$addresses = $saveaddresses; $addresses = $saveaddresses;
$target = $savetarget; $target = $savetarget;
$baserule = $savebaserule;
} }
progress_message " Snat record \"$currentline\" $done" progress_message " Snat record \"$currentline\" $done"

View File

@ -164,7 +164,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">ADDRESS</emphasis> (Optional) - [<emphasis <term><emphasis role="bold">ADDRESS</emphasis> (Optional) - [<emphasis
role="bold">-</emphasis>|<emphasis role="bold">-</emphasis>|<emphasis
role="bold">NONAT</emphasis>|[<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis role="bold">NONAT</emphasis>|[<emphasis>address-or-address-range</emphasis>][:<emphasis>lowport</emphasis><emphasis
role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
role="bold">:random</emphasis>][:persistent]|<emphasis role="bold">:random</emphasis>][:persistent]|<emphasis
role="bold">detect</emphasis>|<emphasis role="bold">detect</emphasis>|<emphasis

View File

@ -75,7 +75,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">SNAT[+]</emphasis>([<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis role="bold">SNAT[+]</emphasis>([<emphasis>address-or-address-range</emphasis>][:<emphasis>lowport</emphasis><emphasis
role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
role="bold">:random</emphasis>][:<option>persistent</option>]|<emphasis role="bold">:random</emphasis>][:<option>persistent</option>]|<emphasis
role="bold">detect</emphasis>|</term> role="bold">detect</emphasis>|</term>

View File

@ -125,7 +125,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">ADDRESS</emphasis> (Optional) - [<emphasis <term><emphasis role="bold">ADDRESS</emphasis> (Optional) - [<emphasis
role="bold">-</emphasis>|<emphasis role="bold">-</emphasis>|<emphasis
role="bold">NONAT</emphasis>|[<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis role="bold">NONAT</emphasis>|[<emphasis>address-or-address-range</emphasis>][:<emphasis>lowport</emphasis><emphasis
role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
role="bold">:random</emphasis>][:persistent]|<emphasis role="bold">:random</emphasis>][:persistent]|<emphasis
role="bold">detect</emphasis>|<emphasis role="bold">detect</emphasis>|<emphasis

View File

@ -75,7 +75,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">SNAT</emphasis>[+]([<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis role="bold">SNAT</emphasis>[+]([<emphasis>address-or-address-range</emphasis>][:<emphasis>lowport</emphasis><emphasis
role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
role="bold">:random</emphasis>][:<option>persistent</option>]|<emphasis role="bold">:random</emphasis>][:<option>persistent</option>]|<emphasis
role="bold">detect</emphasis>|</term> role="bold">detect</emphasis>|</term>