Tighten up editing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6383 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
b7c4369930
commit
7346304b57
@ -740,7 +740,9 @@ sub validate_portpair( $ ) {
|
||||
$portpair = "0$portpair" if substr( $portpair, 0, 1 ) eq ':';
|
||||
$portpair = "${portpair}65535" if substr( $portpair, -1, 1 ) eq ':';
|
||||
|
||||
my @ports = split/:/, $portpair;
|
||||
my @ports = split/:/, $portpair, 3;
|
||||
|
||||
fatal_error "Invalid port range" if @ports == 3;
|
||||
|
||||
for my $port ( @ports ) {
|
||||
my $value = $services{$port};
|
||||
@ -1360,7 +1362,9 @@ sub expand_rule( $$$$$$$$$$ )
|
||||
my $logtag;
|
||||
|
||||
if ( $loglevel ne '' ) {
|
||||
( $loglevel, $logtag ) = split /:/, $loglevel;
|
||||
( $loglevel, $logtag, my $remainder ) = split( /:/, $loglevel, 3 );
|
||||
|
||||
fatal_error "Invalid log tag" if defined $remainder;
|
||||
|
||||
if ( $loglevel =~ /^none!?$/i ) {
|
||||
return if $disposition eq 'LOG';
|
||||
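Review bot: In the expand_rule hunk, giving split a limit means a trailing colon is no longer discarded, so a level written as `info:` now leaves `$logtag` as an empty string rather than undef, and the new `defined $remainder` test does not reject it. If the code after the hunk decides whether a tag is present with `defined $logtag`, it would now see an empty tag; `fatal_error "Invalid log tag" if defined $remainder || ( defined $logtag && $logtag eq '' );` would close that. In the validate_portpair hunk the new message names no value, which makes the offending entry hard to find; `fatal_error "Invalid port range ($portpair)" if @ports == 3;` would help. Both sub bodies continue outside their hunks.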
|
@ -311,7 +311,7 @@ sub split_line( $$$ ) {
|
||||
|
||||
fatal_error "Shorewall Configuration file entries may not contain single quotes, double quotes, single back quotes or backslashes" if $line =~ /["'`\\]/;
|
||||
|
||||
my @line = split /\s+/, $line;
|
||||
my @line = split( /\s+/, $line, $maxcolumns + 1 );
|
||||
|
||||
fatal_error "Invalid $description entry (too few columns)" if @line < $mincolumns;
|
||||
fatal_error "Invalid $description entry (too many columns)" if @line > $maxcolumns;
|
||||
@ -329,7 +329,7 @@ sub split_line1( $$$ ) {
|
||||
|
||||
fatal_error "Shorewall Configuration file entries may not contain double quotes, single back quotes or backslashes" if $line =~ /["`\\]/;
|
||||
|
||||
my @line = split /\s+/, $line;
|
||||
my @line = split( /\s+/, $line, $maxcolumns + 1);
|
||||
|
||||
return @line if $line[0] eq 'COMMENT';
|
||||
|
||||
@ -358,7 +358,7 @@ sub split_line2( $$$ ) {
|
||||
|
||||
fatal_error "Shorewall Configuration file entries may not contain double quotes, single back quotes or backslashes" if $line =~ /["`\\]/;
|
||||
|
||||
my @line = split /\s+/, $line;
|
||||
my @line = split( /\s+/, $line, $maxcolumns + 1 );
|
||||
|
||||
my $first = $line[0];
|
||||
my $columns = $no_pad{$first};
|
||||
@ -492,7 +492,7 @@ sub read_a_line {
|
||||
|
||||
if ( $line =~ /^INCLUDE\s/ ) {
|
||||
|
||||
my @line = split /\s+/, $line;
|
||||
my @line = split /\s+/, $line, 3;
|
||||
|
||||
fatal_error "Invalid INCLUDE command: $line" if @line != 2;
|
||||
fatal_error "INCLUDEs nested too deeply: $line" if @includestack >= 4;
|
||||
@ -670,7 +670,7 @@ sub load_kernel_modules( ) {
|
||||
open LSMOD , '-|', 'lsmod' or fatal_error "Can't run lsmod";
|
||||
|
||||
while ( $line = <LSMOD> ) {
|
||||
my $module = ( split( /\s+/, $line ) )[0];
|
||||
my $module = ( split( /\s+/, $line, 2 ) )[0];
|
||||
$loadedmodules{$module} = 1 unless $module eq 'Module'
|
||||
}
|
||||
|
||||
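Review bot: With a positive limit, split keeps trailing empty fields, so in split_line an entry that already fills `$maxcolumns` columns and ends in whitespace now yields one extra empty element and is rejected as "too many columns"; without the limit Perl stripped it. Unless trailing whitespace is removed before these subs are called (not visible in the hunks), trim it first with `$line =~ s/\s+$//;` ahead of the split. The same split is used in split_line1 and split_line2, and the INCLUDE parse in read_a_line would likewise turn `INCLUDE file` followed by a space into three fields and fail the `@line != 2` test.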
|
@ -68,7 +68,7 @@ sub find_macro( $ )
|
||||
#
|
||||
sub split_action ( $ ) {
|
||||
my $action = $_[0];
|
||||
my @a = split /:/ , $action;
|
||||
my @a = split( /:/ , $action, 4 );
|
||||
fatal_error "Invalid ACTION ($action)" if ( $action =~ /::/ ) || ( @a > 3 );
|
||||
( shift @a, join ":", @a );
|
||||
}
|
||||
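Review bot: In split_action, the limit of 4 changes what is returned for an action with a trailing colon: `ACCEPT:info:` used to split into two fields and return `info`, whereas it now splits into three and returns `info:` as the second value. The existing check only rejects `::` and more than three fields, so the trailing colon is passed on to whatever parses the log level next. If that form is not meant to be accepted, extend the test to `( $action =~ /::|:$/ )`.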
|
@ -312,7 +312,8 @@ sub setup_providers() {
|
||||
if ( $source eq '-' ) {
|
||||
$source = '';
|
||||
} elsif ( $source =~ /:/ ) {
|
||||
( my $interface, $source ) = split /:/, $source;
|
||||
( my $interface, $source , my $remainder ) = split( /:/, $source, 3 );
|
||||
fatal_error "Invalid SOURCE" if defined $remainder;
|
||||
$source = "iif $interface from $source";
|
||||
} elsif ( $source =~ /\..*\..*/ ) {
|
||||
$source = "from $source";
|
||||
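Review bot: The added check in setup_providers rejects a third field but still lets an empty interface or an empty address through, so a SOURCE of `eth0:` or `:10.0.0.1` ends up in the `"iif $interface from $source"` string with a missing operand. Since both values are interpolated into a generated command, it would be safer to fail at compile time: `fatal_error "Invalid SOURCE" if defined $remainder || $interface eq '' || $source eq '';`. Whether `$interface` is checked against the known interfaces is not visible in the hunk; if it is not, that check belongs here too. The sub body starts and ends outside the hunk.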
|
@ -88,7 +88,7 @@ sub process_tos() {
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
my ($src, $dst, $proto, $sports, $ports , $tos, $mark ) = split_line 6, 7, 'tos file';
|
||||
my ($src, $dst, $proto, $sports, $ports , $tos, $mark ) = split_line 6, 7, 'tos file entry';
|
||||
|
||||
fatal_error "TOS field required" unless $tos ne '-';
|
||||
|
||||
@ -102,7 +102,9 @@ sub process_tos() {
|
||||
|
||||
my $restriction = NO_RESTRICT;
|
||||
|
||||
my ( $srczone , $source ) = split /:/, $src;
|
||||
my ( $srczone , $source , $remainder ) = split( /:/, $src, 3 );
|
||||
|
||||
fatal_error "Invalid SOURCE" if defined $remainder;
|
||||
|
||||
if ( $srczone eq $firewall_zone ) {
|
||||
$chainref = $outtosref;
|
||||
@ -154,7 +156,7 @@ sub setup_ecn()
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
my ($interface, $hosts ) = split_line 1, 2, 'ecn file';
|
||||
my ($interface, $hosts ) = split_line 1, 2, 'ecn file entry';
|
||||
|
||||
fatal_error "Unknown interface ( $interface )" unless known_interface $interface;
|
||||
|
||||
@ -259,7 +261,8 @@ sub setup_syn_flood_chains() {
|
||||
my $limit = $chainref->{synparams};
|
||||
if ( $limit ) {
|
||||
my $level = $chainref->{loglevel};
|
||||
( $limit, my $burst ) = split ':', $limit;
|
||||
( $limit, my ( $burst, $remainder) ) = split( ':', $limit, 3 );
|
||||
fatal_error "Invalid BURST/LIMIT" if defined $remainder;
|
||||
$burst = $burst ? "--limit-burst $burst " : '';
|
||||
my $synchainref = new_chain 'filter' , syn_chain $chainref->{name};
|
||||
add_rule $synchainref , "-m limit --limit $limit ${burst}-j RETURN";
|
||||
@ -704,7 +707,9 @@ sub setup_mac_lists( $ ) {
|
||||
if ( $disposition eq 'COMMENT' ) {
|
||||
process_comment;
|
||||
} else {
|
||||
( $disposition, my $level ) = split /:/, $disposition;
|
||||
( $disposition, my ( $level, $remainder) ) = split( /:/, $disposition, 3 );
|
||||
|
||||
fatal_error "Invalid log level" if defined $remainder;
|
||||
|
||||
my $targetref = $maclist_targets{$disposition};
|
||||
|
||||
@ -1212,7 +1217,7 @@ sub process_rule ( $$$$$$$$$$ ) {
|
||||
}
|
||||
}
|
||||
} else {
|
||||
my $destzone = (split /:/, $dest)[0];
|
||||
my $destzone = (split( /:/, $dest, 2 ) )[0];
|
||||
$destzone = $firewall_zone unless $zones{$destzone}; # We do this to allow 'REDIRECT all ...'; process_rule1 will catch the case where the dest zone is invalid
|
||||
my $policychainref = $filter_table->{"${zone}2${destzone}"}{policychain};
|
||||
if ( $intrazone || ( $zone ne $destzone ) ) {
|
||||
@ -1234,7 +1239,7 @@ sub process_rule ( $$$$$$$$$$ ) {
|
||||
}
|
||||
} elsif ( $dest eq 'all' ) {
|
||||
for my $zone ( @zones ) {
|
||||
my $sourcezone = ( split /:/, $source )[0];
|
||||
my $sourcezone = ( split( /:/, $source, 2 ) )[0];
|
||||
if ( ( $includedstfw || ( $zones{$zone}{type} ne 'firewall') ) && ( ( $sourcezone ne $zone ) || $intrazone) ) {
|
||||
fatal_error "Unknown source zone ($sourcezone)" unless $zones{$sourcezone};
|
||||
my $policychainref = $filter_table->{"${sourcezone}2${zone}"}{policychain};
|
||||
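Review bot: In the setup_syn_flood_chains hunk, `$limit` and `$burst` are interpolated into the `-m limit --limit $limit ${burst}-j RETURN` rule after only a field-count check, so a malformed rate or a non-numeric burst is not reported until the generated rule is loaded. Unless `synparams` is validated where it is parsed (not visible here), add a format check next to the new one, for example `fatal_error "Invalid BURST/LIMIT ($limit)" unless $limit =~ m{^\d+(/\w+)?$};` plus a `^\d+$` test on a non-empty `$burst`. The new messages in this section (`"Invalid SOURCE"`, `"Invalid BURST/LIMIT"`, `"Invalid log level"`) would also be easier to act on if they included the rejected value.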
|
@ -124,7 +124,9 @@ sub process_tc_rule( $$$$$$$$$$ ) {
|
||||
|
||||
my $original_mark = $mark;
|
||||
|
||||
( $mark, my $designator ) = split /:/, $mark;
|
||||
( $mark, my ( $designator, $remainder ) ) = split( /:/, $mark, 3 );
|
||||
|
||||
fatal_error "Invalid MARK" if defined $remainder;
|
||||
|
||||
my $chain = $globals{MARKING_CHAIN};
|
||||
my $target = 'MARK --set-mark';
|
||||
@ -164,7 +166,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
|
||||
|
||||
my $mask = 0xffff;
|
||||
|
||||
my ($cmd, $rest) = split '/', $mark;
|
||||
my ($cmd, $rest) = split( '/', $mark, 2 );
|
||||
|
||||
unless ( $classid ) {
|
||||
MARK:
|
||||
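Review bot: The second process_tc_rule hunk is the one split in this commit that gains a limit without a remainder check: with `split( '/', $mark, 2 )` a value such as `1/2/3` now puts `2/3` into `$rest`, where the old code silently dropped the third part. For consistency with the other hunks, use `my ($cmd, $rest, $remainder) = split( '/', $mark, 3 );` followed by `fatal_error "Invalid MARK ($original_mark)" if defined $remainder;`. The first hunk already saves `$original_mark`, so its own message could read `"Invalid MARK ($original_mark)"` as well; this assumes that variable is still in scope at the second hunk, which the visible lines do not confirm.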
|
@ -44,7 +44,9 @@ sub setup_tunnels() {
|
||||
sub setup_one_ipsec {
|
||||
my ($inchainref, $outchainref, $kind, $source, $dest, $gatewayzones) = @_;
|
||||
|
||||
( $kind, my $qualifier ) = split /:/, $kind;
|
||||
( $kind, my ( $qualifier , $remainder ) ) = split( /:/, $kind, 3 );
|
||||
|
||||
fatal_error "Invalid IPSEC modified ($qualifier:$remainder)" if defined $remainder;
|
||||
|
||||
fatal_error "Invalid IPSEC modifier ($qualifier)" if $qualifier && ( $qualifier ne 'noah' );
|
||||
|
||||
@ -126,7 +128,9 @@ sub setup_tunnels() {
|
||||
my $protocol = 'udp';
|
||||
my $port = 1194;
|
||||
|
||||
( $kind, my ( $proto, $p ) ) = split /:/, $kind;
|
||||
( $kind, my ( $proto, $p, $remainder ) ) = split( /:/, $kind, 4 );
|
||||
|
||||
fatal_error "Invalid port ($p:$remainder)" if defined $remainder;
|
||||
|
||||
if ( defined $p && $p ne '' ) {
|
||||
$port = $p;
|
||||
@ -149,7 +153,9 @@ sub setup_tunnels() {
|
||||
my $protocol = 'udp';
|
||||
my $port = 1194;
|
||||
|
||||
( $kind, my ( $proto, $p ) ) = split /:/, $kind;
|
||||
( $kind, my ( $proto, $p , $remainder ) ) = split( /:/, $kind, 4 );
|
||||
|
||||
fatal_error "Invalid port ($p:$remainder)" if defined $remainder;
|
||||
|
||||
if ( defined $p && $p ne '' ) {
|
||||
$port = $p;
|
||||
@ -172,7 +178,9 @@ sub setup_tunnels() {
|
||||
my $protocol = 'udp';
|
||||
my $port = 1194;
|
||||
|
||||
( $kind, my ( $proto, $p ) ) = split /:/, $kind;
|
||||
( $kind, my ( $proto, $p , $remainder ) ) = split( /:/, $kind, 4 );
|
||||
|
||||
fatal_error "Invalid port ($p:$remainder)" if defined $remainder;
|
||||
|
||||
if ( defined $p && $p ne '' ) {
|
||||
$port = $p;
|
||||
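Review bot: The new message in setup_one_ipsec reads `"Invalid IPSEC modified (...)"` while the existing line just below it says "modifier"; it should be `fatal_error "Invalid IPSEC modifier ($qualifier:$remainder)" if defined $remainder;`. In the three OpenVPN hunks the added check only rejects a fourth field, and `$port = $p` then takes the value as written; if nothing after the hunk verifies that `$p` is a valid port number, a check such as `fatal_error "Invalid port ($p)" unless $p =~ /^\d+$/ && $p <= 65535;` belongs inside the `if ( defined $p && $p ne '' )` block. The enclosing subs continue outside the hunks.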
|