From 55452c6e59ef5fb8a93ab253ede9c0a3f2b43764 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 19 Dec 2010 08:55:03 -0800
Subject: [PATCH] Disallow wildcards in the proxyarp file

---
 Shorewall/Perl/Shorewall/Proxyarp.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Proxyarp.pm b/Shorewall/Perl/Shorewall/Proxyarp.pm
index 1b3d2e306..cac1a2e76 100644
--- a/Shorewall/Perl/Shorewall/Proxyarp.pm
+++ b/Shorewall/Perl/Shorewall/Proxyarp.pm
@@ -125,7 +125,8 @@ sub setup_proxy_arp() {
 		$first_entry = 0;
 	    }
 
-	    fatal_error "Unknown interface ($external)"  unless known_interface $external;
+	    fatal_error "Unknown interface ($external)" unless known_interface $external;
+	    fatal_error "Wildcard interface ($external) not allowed" if $external =~ /\+$/;
 	    $reset{$external} = 1 unless $set{$external};
 
 	    my $extphy   = physical_name $external;
@@ -133,6 +134,7 @@ sub setup_proxy_arp() {
 
 	    if ( $interface ne '-' ) {
 		fatal_error "Unknown interface ($interface)" unless known_interface $interface;
+		fatal_error "Wildcard interface ($interface) not allowed" if $interface =~ /\+$/;
 		$physical = physical_name $interface;
 		$set{$interface}  = 1;
 	    }