From 9173b22b585d2575315460429b0c0860be7c2f18 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 19 Feb 2011 08:00:00 -0800 Subject: [PATCH] Disallow USER/GROUP anywhere but in the OUTPUT section --- Shorewall/Perl/Shorewall/Accounting.pm | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm index f1e2f0289..2ed5d8309 100644 --- a/Shorewall/Perl/Shorewall/Accounting.pm +++ b/Shorewall/Perl/Shorewall/Accounting.pm @@ -159,9 +159,7 @@ sub process_accounting_rule( ) { $ports = '' if $ports eq 'any' || $ports eq 'all'; $sports = '' if $sports eq 'any' || $sports eq 'all'; - if ( $asection ) { - fatal_error "USER/GROUP may only be specified in the OUTPUT section" unless $user eq '-' || $asection == OUTPUT; - } + fatal_error "USER/GROUP may only be specified in the OUTPUT section" unless $user eq '-' || $asection == OUTPUT; my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user ) . do_test ( $mark, $globals{TC_MASK} ) . do_headers( $headers ); my $rule2 = 0;