Fix some 'policy' file bugs

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6151 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-12-16 19:30:44 +01:00 · 2007-04-29 22:29:10 +00:00 · 2007-04-29 22:29:10 +00:00 · a6358bf7e4
commit a6358bf7e4
parent bc7b6354df
1 changed files with 15 additions and 13 deletions
--- a/Shorewall-perl/Shorewall/Policy.pm
+++ b/Shorewall-perl/Shorewall/Policy.pm
@ -155,18 +155,20 @@ sub validate_policy()

 	( $policy , my $default ) = split /:/, $policy;

-	if ( "\L$policy" eq 'none' ) {
-	    $default = 'none';
-	} elsif ( $default ) {
-	    my $defaulttype = $targets{$default};
-
-	    if ( $defaulttype & ACTION ) {
-		unless ( $usedactions{$default} ) {
-		    $usedactions{$default} = 1;
-		    createactionchain $default;
-		}
+	if ( $default ) {
+	    if ( "\L$default" eq 'none' ) {
+		$default = 'none';
 	    } else {
-		fatal_error "Unknown Default Action ($default)";
+		my $defaulttype = $targets{$default} || 0;
+
+		if ( $defaulttype & ACTION ) {
+		    unless ( $usedactions{$default} ) {
+			$usedactions{$default} = 1;
+			createactionchain $default;
+		    }
+		} else {
+		    fatal_error "Unknown Default Action ($default)";
+		}
 	    }
 	} else {
 	    $default = $default_actions{$policy} || '';
@ -175,10 +177,10 @@ sub validate_policy()
 	fatal_error "Invalid policy $policy" unless exists $validpolicies{$policy};

 	if ( $policy eq 'NONE' ) {
-	    fatal_error "$client, $server, $policy, $loglevel, $synparams: NONE policy not allowed to/from firewall zone"
-		if ( $zones{$client}{type} eq 'firewall' ) || ( $zones{$server}{type} eq 'firewall' );
 	    fatal_error "$client $server $policy $loglevel $synparams: NONE policy not allowed with \"all\""
 		if $clientwild || $serverwild;
+	    fatal_error "$client, $server, $policy, $loglevel, $synparams: NONE policy not allowed to/from firewall zone"
+		if ( $zones{$client}{type} eq 'firewall' ) || ( $zones{$server}{type} eq 'firewall' );
 	}

 	my $chain = "${client}2${server}";