From 44e0821f662ae090104064e10caf9c32a6b51ebe Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Thu, 18 Jul 2002 13:43:51 +0000
Subject: [PATCH] Duplicate new checks in start/restart path

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@141 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Shorewall/firewall b/Shorewall/firewall
index 681e8330c..c7c329719 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -1692,10 +1692,16 @@ add_a_rule()
     case "$logtarget" in
 	REJECT)
 	    target=reject
+	    [ -n "$servport" ] && \
+		fatal_error "Error: server port may not be specified in a REJECT rule;"\
+                            "rule: \"$rule\""
 	    ;;
 	REDIRECT)
 	    [ -n "$serv" ] && startup_error "Error: REDIRECT rules cannot"\
 		" specify a server IP; rule: \"$rule\""
+	    [ -n "$servport" ] && \
+		startup_error "Error: server port may not be specified in an ACCEPT rule;" \
+		              "rule: \"$rule\""
 	    servport=${servport:=$port}
 	    ;;
 	DNAT)
@@ -1804,6 +1810,8 @@ process_rule() {
     else
 	clientzone="${clients%:*}"
 	clients="${clients#*:}"
+	[ -z "$clientzone" -o -z "$clients" ] && \
+	   fatal_error "Error: Empty source zone or qualifier: rule \"$rule\""
     fi
     
     if [ "$clientzone" = "${clientzone%\!*}" ]; then
@@ -1836,8 +1844,12 @@ process_rule() {
 	if [ "$servers" != "${servers%:*}" ] ; then
 	    serverport="${servers#*:}"
 	    servers="${servers%:*}"
+	    [ -z "$serverzone" -o -z "$serverport" ] && \
+	        fatal_error "Error: Empty destination zone or server port: rule \"$rule\""
 	else
 	    serverport=
+	    [ -z "$serverzone" -o -z "$servers" ] && \
+	        startup_error "Error: Empty destination zone or qualifier: rule \"$rule\""
 	fi
     fi