Validate all IPSET Names

Tom Eastep 2010-07-18 17:18:10 -07:00
parent cbb524b067
commit 79128605b1


@ -2498,7 +2498,7 @@ sub match_source_net( $;$ ) {
} elsif ( $net =~ /^!?~/ ) {
fatal_error "MAC address cannot be used in this context" if $restriction >= OUTPUT_RESTRICT;
mac_match $net;
} elsif ( $net =~ /^(!?)\+/ ) {
} elsif ( $net =~ /^(!?)\+[a-zA-Z]\w*$/ ) {
require_capability( 'IPSET_MATCH' , 'ipset names in Shorewall configuration files' , '' );
join( '', '-m set ', $1 ? '! ' : '', get_set_flags( $net, 'src' ) );
} elsif ( $net =~ s/^!// ) {
@ -2522,7 +2522,7 @@ sub match_dest_net( $ ) {
$net =~ s/!// if my $invert = $1 ? '! ' : '';
validate_range $addr1, $addr2;
iprange_match . "${invert}--dst-range $net ";
} elsif ( $net =~ /^(!?)\+/ ) {
} elsif ( $net =~ /^(!?)\+[a-zA-Z]\w*$/ ) {
require_capability( 'IPSET_MATCH' , 'ipset names in Shorewall configuration files' , '');
join( '', '-m set ', $1 ? '! ' : '', get_set_flags( $net, 'dst' ) );
} elsif ( $net =~ /^!/ ) {
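Review bot: A name that fails the new pattern `/^(!?)\+[a-zA-Z]\w*$/` is not rejected in either match_source_net or match_dest_net; it just stops matching this `elsif` and falls through to the `!`-handling and later branches, so a `+`-prefixed value is interpreted as something other than an ipset, and whether that ever raises an error depends on code outside these hunks. Keeping the broad dispatch and validating inside the branch makes the failure explicit: `} elsif ( $net =~ /^(!?)\+/ ) {` followed by `fatal_error "Invalid ipset name ($net)" unless $net =~ /^(!?)\+[a-zA-Z]\w*\z/;` (the capture is kept so `$1` is still set for the `join`). Using `\z` instead of `$` also stops a value with a trailing newline from passing. If get_set_flags accepts a suffix after the set name (it is not visible here), the anchored pattern would need to allow for it. Both functions begin and end outside the hunks shown.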