extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-03-07 19:11:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make IPv6 Dynamic Zone set names unique

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-06-20 17:22:34 -07:00
parent 7b2cbf2449
commit 71d88b93a0
2 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -2917,7 +2917,7 @@ sub get_set_flags( $$ ) {
$ipset_exists{$setname} = 1; # Suppress subsequent checks/warnings
}
fatal_error "Invalid ipset name ($setname)" unless $setname =~ /^[a-zA-Z]\w*/;
fatal_error "Invalid ipset name ($setname)" unless $setname =~ /^(6_)?[a-zA-Z]\w*/;
have_capability 'OLD_IPSET_MATCH' ? "--set $setname $options " : "--match-set $setname $options ";
@ -2995,7 +2995,7 @@ sub match_source_net( $;$\$ ) {
return mac_match $net;
}
if ( $net =~ /^(!?)\+[a-zA-Z][-\w]*(\[.*\])?/ ) {
if ( $net =~ /^(!?)\+(6_)?[a-zA-Z][-\w]*(\[.*\])?/ ) {
return join( '', '-m set ', $1 ? '! ' : '', get_set_flags( $net, 'src' ) );
}
@ -3044,7 +3044,7 @@ sub match_dest_net( $ ) {
return iprange_match . "${invert}--dst-range $net ";
}
if ( $net =~ /^(!?)\+[a-zA-Z][-\w]*(\[.*\])?$/ ) {
if ( $net =~ /^(!?)\+(6_)?[a-zA-Z][-\w]*(\[.*\])?$/ ) {
return join( '', '-m set ', $1 ? '! ' : '', get_set_flags( $net, 'dst' ) );
}

12
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -720,7 +720,7 @@ sub add_group_to_zone($$$$$)
}
if ( substr( $host, 0, 1 ) eq '+' ) {
fatal_error "Invalid ipset name ($host)" unless $host =~ /^\+[a-zA-Z]\w*$/;
fatal_error "Invalid ipset name ($host)" unless $host =~ /^\+(6_)?[a-zA-Z]\w*$/;
require_capability( 'IPSET_MATCH', 'Ipset names in host lists', '');
} else {
validate_host $host, 0;
@ -1087,7 +1087,7 @@ sub process_interface( $$ ) {
fatal_error "Invalid combination of interface options" if $options{required} && $options{optional};
if ( $netsref eq 'dynamic' ) {
my $ipset = "${zone}_" . chain_base $physical;
my $ipset = $family == F_IPV4 ? "${zone}_" . chain_base $physical : "6_${zone}_" . chain_base $physical;
$netsref = [ "+$ipset" ];
$ipsets{$ipset} = 1;
}
@ -1801,11 +1801,11 @@ sub process_host( ) {
if ( $hosts eq 'dynamic' ) {
fatal_error "Vserver zones may not be dynamic" if $type == VSERVER;
require_capability( 'IPSET_MATCH', 'Dynamic nets', '');
my $physical = physical_name $interface;
$hosts = "+${zone}_${physical}";
my $physical = chain_base( physical_name $interface );
my $set = $family == F_IPV4 ? "${zone}_${physical}" : "6_${zone}_${physical}";
$hosts = "+$set";
$optionsref->{dynamic} = 1;
$ipsets{"${zone}_${physical}"} = 1;
$ipsets{$set} = 1;
}
#