diff --git a/Shorewall-common/lib.base b/Shorewall-common/lib.base
index 0a973c909..fc611e9b8 100644
--- a/Shorewall-common/lib.base
+++ b/Shorewall-common/lib.base
@@ -838,7 +838,7 @@ get_routed_networks() # $1 = interface name, $2-n = Fatal error message
 echo "WARNING: default route ignored on interface $1" >&2
 fi
 ;;
- multicast|broadcast|prohibit|nat|throw|via)
+ multicast|broadcast|prohibit|nat|throw|nexthop)
 ;;
 *)
 [ "$address" = "${address%/*}" ] && address="${address}/32"
diff --git a/Shorewall-perl/Shorewall/IPAddrs.pm b/Shorewall-perl/Shorewall/IPAddrs.pm
index 529f429c8..ad4597c8f 100644
--- a/Shorewall-perl/Shorewall/IPAddrs.pm
+++ b/Shorewall-perl/Shorewall/IPAddrs.pm
@@ -73,14 +73,14 @@ sub validate_address( $ ) {
 }
 sub validate_net( $ ) {
- my ($net, $vlsm) = split '/', $_[0];
+ my ($net, $vlsm, $rest) = split( '/', $_[0], 3 );
 if ( defined $vlsm ) {
- fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 32;
- fatal_error "Invalid IP address ($net)" unless valid_address $net;
+ fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 32;
+ fatal_error "Invalid Network address ($_[0])" if defined $rest;
+ fatal_error "Invalid IP address ($net)" unless valid_address $net;
 } else {
- fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/';
- fatal_error "Invalid Network address ($_[0])" unless defined $net;
+ fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/' || ! defined $net;
 validate_address $net;
 }
 }
diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm
index 095d46c3c..7eb94e94c 100644
--- a/Shorewall-perl/Shorewall/Providers.pm
+++ b/Shorewall-perl/Shorewall/Providers.pm
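Review bot: The `*)` branch in get_routed_networks (lib.base) still treats any first word that is not in the skip list as an address and appends `/32`, so the pattern `multicast|broadcast|prohibit|nat|throw|nexthop)` remains a denylist. Other route-type words that `ip route` can print, such as `unreachable` or `blackhole`, would be passed on as networks if they ever reach this case; whether they can appear in a per-interface listing is not visible from the hunk. A comment above the pattern, for example `# first words of route lines that carry no network address`, would document the intent, and a check in the default branch that `$address` starts with a digit would reject anything unexpected instead of forwarding it. The case statement begins and ends outside the hunk.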
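Review bot: In validate_net (IPAddrs.pm) the VLSM test `$vlsm =~ /^\d+$/` accepts a value with a trailing newline, because `$` also matches just before a final newline; anchoring with `\z` closes that: `fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /\A\d+\z/ && $vlsm <= 32;`. Whether callers already strip line endings is not visible in this hunk. Separately, with the new limit of 3 `split` keeps trailing empty fields, so any input containing `/` appears to yield a defined `$vlsm`; the `$_[0] =~ '/'` half of the else-branch test then looks unreachable and could be reduced to `! defined $net`.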
@@ -59,7 +59,7 @@ my %providers = ( 'local' => { number => LOCAL_NUMBER , mark => 0 } ,
 my @providers;
 #
-# Set up marking for 'tracked' interfaces. Unline in Shorewall 3.x, we add these rules unconditionally, even if the associated interface isn't up.
+# Set up marking for 'tracked' interfaces. Unlike in Shorewall 3.x, we add these rules unconditionally, even if the associated interface isn't up.
 #
 sub setup_route_marking() {
 my $mask = $config{HIGH_ROUTE_MARKS} ? '0xFF00' : '0xFF';
@@ -69,7 +69,7 @@ sub setup_route_marking() {
 require_capability( 'CONNMARK' , 'the provider \'track\' option' , 's' );
 add_rule $mangle_table->{PREROUTING} , "-m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask";
- add_rule $mangle_table->{OUTPUT} , " -m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask";
+ add_rule $mangle_table->{OUTPUT} , "-m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask";
 my $chainref = new_chain 'mangle', 'routemark';
@@ -147,8 +147,8 @@ sub setup_providers() {
 fatal_error "Duplicate provider ( $table )" if $providers{$table};
- for my $provider ( keys %providers ) {
- fatal_error "Duplicate provider number ( $number )" if $providers{$provider}{number} == $number;
+ for my $providerref ( values %providers ) {
+ fatal_error "Duplicate provider number ( $number )" if $providerref->{number} == $number;
 }
 emit "#\n# Add Provider $table ($number)\n#";
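Review bot: The duplicate test `$providerref->{number} == $number` in setup_providers (third hunk) compares numerically, so a `$number` that is not a plain integer evaluates to 0 and is reported as a duplicate of any other such entry, or passes unnoticed, instead of being rejected as malformed. The validation of `$number` is not visible in this hunk. If it is missing and provider numbers are meant to be decimal, a guard ahead of the loop such as `fatal_error "Invalid provider number ( $number )" unless $number =~ /\A\d+\z/;` would make the comparison meaningful. setup_providers begins and continues outside the hunk.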