Make it invalid to to use a config file name as a chain name

2025-06-20 09:47:51 +02:00 · 2011-02-17 16:31:22 -08:00 · 2011-02-17 16:31:22 -08:00 · 993bdc740d
commit 993bdc740d
parent b06630091d
2 changed files with 48 additions and 3 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -1344,7 +1344,7 @@ sub ensure_accounting_chain( $$$ )
 	$chainref->{restriction} |= $restriction;
    } else {
 	fatal_error "Chain name ($chain) too long" if length $chain > 29;
-	fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && ! $builtin_target{$chain};
+	fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && ! ( $builtin_target{$chain} || $config_files{$chain} );
 	$chainref = new_chain 'filter' , $chain;
 	$chainref->{accounting}  = 1;
 	$chainref->{referenced}  = 1;
@ -1435,7 +1435,7 @@ sub new_nat_chain($) {
 sub new_manual_chain($) {
    my $chain = $_[0];
    fatal_error "Chain name ($chain) too long" if length $chain > 29;
-    fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && ! $builtin_target{$chain};
+    fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && ! ( $builtin_target{$chain} || $config_files{$chain} );
    fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} || $filter_table->{$chain};
    $targets{$chain} = CHAIN;
    ( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1;
@ -2110,7 +2110,7 @@ sub newexclusionchain() {
 sub newlogchain() {
    my $seq = $chainseq++;
-    "log${seq}";
+    "~log${seq}";
 }
 #
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -126,6 +126,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 				       $debug
 				       %config
 				       %globals
 				       %config_files
 		                       F_IPV4
 		                       F_IPV6
@ -262,6 +263,50 @@ our %capdesc = ( NAT_ENABLED     => 'NAT',
 		 CAPVERSION      => 'Capability Version',
 		 KERNELVERSION   => 'Kernel Version',
 	       );
 our %config_files = ( accounting       => 1,
 		      actions          => 1,
 		      blacklist        => 1,
 		      clear            => 1,
 		      ecn              => 1,
 		      findgw           => 1,
 		      hosts            => 1,
 		      init             => 1,
 		      initdone         => 1,
 		      interfaces       => 1,
 		      isusable         => 1,
 		      maclist          => 1,
 		      masq             => 1,
 		      nat              => 1,
 		      netmap           => 1,
 		      notrack          => 1,
 		      params           => 1,
 		      policy           => 1,
 		      providers        => 1,
 		      proxyarp         => 1,
 		      refresh          => 1,
 		      refreshed        => 1,
 		      restored         => 1,
 		      route_rules      => 1,
 		      routes           => 1,
 		      routestopped     => 1,
 		      rules            => 1,
 		      scfilter         => 1,
 		      secmarks         => 1,
 		      start            => 1,
 		      started          => 1,
 		      stop             => 1,
 		      stopped          => 1,
 		      tcclasses        => 1,
 		      tcclear          => 1,
 		      tcdevices        => 1,
 		      tcfilters        => 1,
 		      tcinterfaces     => 1,
 		      tcpri            => 1,
 		      tcrules          => 1,
 		      tos              => 1,
 		      tunnels          => 1,
 		      zones            => 1 );
 #
 # Directories to search for configuration files
 #