Fix some bugs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6476 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
4da98d2bb2
commit
b591068603
@ -151,8 +151,10 @@ sub get_routed_networks ( $$ ) {
|
|||||||
# Parse the interfaces file.
|
# Parse the interfaces file.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub validate_interfaces_file()
|
sub validate_interfaces_file( $ )
|
||||||
{
|
{
|
||||||
|
my $export = shift;
|
||||||
|
|
||||||
use constant { SIMPLE_IF_OPTION => 1,
|
use constant { SIMPLE_IF_OPTION => 1,
|
||||||
BINARY_IF_OPTION => 2,
|
BINARY_IF_OPTION => 2,
|
||||||
ENUM_IF_OPTION => 3,
|
ENUM_IF_OPTION => 3,
|
||||||
@ -230,7 +232,6 @@ sub validate_interfaces_file()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$interfaces{$interface}{ports}++;
|
|
||||||
$interfaces{$port}{bridge} = $bridge = $interface;
|
$interfaces{$port}{bridge} = $bridge = $interface;
|
||||||
$interface = $port;
|
$interface = $port;
|
||||||
} else {
|
} else {
|
||||||
@ -318,10 +319,11 @@ sub validate_interfaces_file()
|
|||||||
my @networks;
|
my @networks;
|
||||||
|
|
||||||
if ( $options{detectnets} ) {
|
if ( $options{detectnets} ) {
|
||||||
fatal_error "'detectnets' not allowed with multi-zone interface" unless $zone;
|
fatal_error "The 'detectnets' option is not allowed with multi-zone interface" unless $zone;
|
||||||
fatal_error "The 'detectnets' option may not be used with a wild-card interface name" if $wildcard;
|
fatal_error "The 'detectnets' option may not be used with a wild-card interface name" if $wildcard;
|
||||||
|
fatal_error "The 'detectnets' option may not be used with the '-e' compiler option" if $export;
|
||||||
@networks = get_routed_networks( $interface, 'detectnets not allowed on interface with default route' );
|
@networks = get_routed_networks( $interface, 'detectnets not allowed on interface with default route' );
|
||||||
fatal_error "No routes through 'detectnets' interface $interface" unless @networks || $options{optional};
|
fatal_error "No routes found through 'detectnets' interface $interface" unless @networks || $options{optional};
|
||||||
} else {
|
} else {
|
||||||
@networks = @allipv4;
|
@networks = @allipv4;
|
||||||
}
|
}
|
||||||
|
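Review bot: The new `if $export` rejection in the detectnets branch of validate_interfaces_file needs a why-comment, because nothing in the hunk says what the `-e` compiler option has to do with route detection. The guard sits just before the get_routed_networks() call, which suggests the detected networks are read from the routing table of the host running the compiler and would not describe the target firewall when the output is exported — confirm that against get_routed_networks before wording it. I would add above the new fatal_error: `# detectnets reads this host's routing table; with -e the generated script runs on another host, so the result would be meaningless there (presumably — confirm).` Ordering is also worth a thought: the `$export` test runs after the multi-zone and wild-card checks, so someone compiling with -e may be shown one of those messages first even though the -e restriction applies regardless of zone or interface name. validate_interfaces_file starts and ends outside this hunk.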
@ -757,7 +757,7 @@ sub setup_mac_lists( $ ) {
|
|||||||
add_rule $filter_table->{$chain} , "${source}-m state --state NEW ${policy}-j $target";
|
add_rule $filter_table->{$chain} , "${source}-m state --state NEW ${policy}-j $target";
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
add_rule $mangle_table->{PREROUTING}, match_source_interface( $interface ) . "${source}-m state --state NEW ${policy}-j $target";
|
add_rule $mangle_table->{PREROUTING}, match_source_dev( $interface ) . "${source}-m state --state NEW ${policy}-j $target";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
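Review bot: The rule text `"${source}-m state --state NEW ${policy}-j $target"` appears verbatim in both add_rule calls of this hunk, the filter one and the mangle PREROUTING one that now uses match_source_dev(), so the two copies can drift the next time the state match is edited. Assuming `$source` and `$policy` are already set before the if/else (their assignments are outside the hunk), build it once, `my $rule = "${source}-m state --state NEW ${policy}-j $target";`, and pass `$rule` from the filter branch and `match_source_dev( $interface ) . $rule` from the mangle branch. The concatenation only yields valid iptables syntax if a non-empty `$source` or `$policy` ends in a space; a comment where they are assembled would make that contract visible. setup_mac_lists starts and ends outside this hunk.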
@ -221,29 +221,23 @@ sub determine_zones()
|
|||||||
fatal_error "Invalid zone name: $zone" if $reservedName{$zone} || $zone =~ /^all2|2all$/;
|
fatal_error "Invalid zone name: $zone" if $reservedName{$zone} || $zone =~ /^all2|2all$/;
|
||||||
fatal_error( "Duplicate zone name: $zone\n" ) if $zones{$zone};
|
fatal_error( "Duplicate zone name: $zone\n" ) if $zones{$zone};
|
||||||
|
|
||||||
my $zoneref = $zones{$zone} = {};
|
|
||||||
$zoneref->{parents} = \@parents;
|
|
||||||
$zoneref->{exclusions} = [];
|
|
||||||
$zoneref->{bridge} = '';
|
|
||||||
|
|
||||||
$type = "ipv4" unless $type;
|
$type = "ipv4" unless $type;
|
||||||
|
|
||||||
if ( $type =~ /ipv4/i ) {
|
if ( $type =~ /ipv4/i ) {
|
||||||
$zoneref->{type} = 'ipv4';
|
$type = 'ipv4';
|
||||||
} elsif ( $type =~ /^ipsec4?$/i ) {
|
} elsif ( $type =~ /^ipsec4?$/i ) {
|
||||||
$zoneref->{type} = 'ipsec4';
|
$type = 'ipsec4';
|
||||||
} elsif ( $type =~ /^bport4?$/i ) {
|
} elsif ( $type =~ /^bport4?$/i ) {
|
||||||
warning_message "Bridge Port zones should have a parent zone" unless @parents;
|
warning_message "Bridge Port zones should have a parent zone" unless @parents;
|
||||||
$zoneref->{type} = 'bport4';
|
$type = 'bport4';
|
||||||
|
|
||||||
} elsif ( $type eq 'firewall' ) {
|
} elsif ( $type eq 'firewall' ) {
|
||||||
fatal_error 'Firewall zone may not be nested' if @parents;
|
fatal_error 'Firewall zone may not be nested' if @parents;
|
||||||
fatal_error "Only one firewall zone may be defined: $zone" if $firewall_zone;
|
fatal_error "Only one firewall zone may be defined: $zone" if $firewall_zone;
|
||||||
$firewall_zone = $zone;
|
$firewall_zone = $zone;
|
||||||
$ENV{FW} = $zone;
|
$ENV{FW} = $zone;
|
||||||
$zoneref->{type} = "firewall";
|
$type = "firewall";
|
||||||
} elsif ( $type eq '-' ) {
|
} elsif ( $type eq '-' ) {
|
||||||
$type = $zoneref->{type} = 'ipv4';
|
$type = 'ipv4';
|
||||||
} else {
|
} else {
|
||||||
fatal_error "Invalid zone type ($type)" ;
|
fatal_error "Invalid zone type ($type)" ;
|
||||||
}
|
}
|
||||||
@ -254,16 +248,20 @@ sub determine_zones()
|
|||||||
$in_options = '' if $in_options eq '-';
|
$in_options = '' if $in_options eq '-';
|
||||||
$out_options = '' if $out_options eq '-';
|
$out_options = '' if $out_options eq '-';
|
||||||
|
|
||||||
$zone_hash{in_out} = parse_zone_option_list( $options || '', $zoneref->{type} );
|
$zone_hash{in_out} = parse_zone_option_list( $options || '', $type );
|
||||||
$zone_hash{in} = parse_zone_option_list( $in_options || '', $zoneref->{type} );
|
$zone_hash{in} = parse_zone_option_list( $in_options || '', $type );
|
||||||
$zone_hash{out} = parse_zone_option_list( $out_options || '', $zoneref->{type} );
|
$zone_hash{out} = parse_zone_option_list( $out_options || '', $type );
|
||||||
$zone_hash{complex} = ($zoneref->{type} eq 'ipsec4' || $options || $in_options || $out_options ? 1 : 0);
|
$zone_hash{complex} = ($type eq 'ipsec4' || $options || $in_options || $out_options ? 1 : 0);
|
||||||
|
|
||||||
$zoneref->{options} = \%zone_hash;
|
|
||||||
$zoneref->{interfaces} = {};
|
|
||||||
$zoneref->{children} = [];
|
|
||||||
$zoneref->{hosts} = {};
|
|
||||||
|
|
||||||
|
$zones{$zone} = { type => $type,
|
||||||
|
parents => \@parents,
|
||||||
|
exclusions => [],
|
||||||
|
bridge => '',
|
||||||
|
options => \%zone_hash,
|
||||||
|
interfaces => {} ,
|
||||||
|
children => [] ,
|
||||||
|
hosts => {}
|
||||||
|
};
|
||||||
push @z, $zone;
|
push @z, $zone;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
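Review bot: Now that determine_zones normalises the zone type into `$type` and stores it once in the new `$zones{$zone}` literal, the ipv4 branch is the odd one out: it tests `$type =~ /ipv4/i` unanchored while the ipsec and bport branches use `/^ipsec4?$/i` and `/^bport4?$/i`, so a mistyped type such as `ipv4x` is silently accepted as `ipv4` instead of reaching the `Invalid zone type` error. Unless trailing qualifiers are deliberately tolerated, anchor it: `if ( $type =~ /^ipv4$/i ) {`. The hash literal in the second hunk also mixes `interfaces => {} ,` and `children => [] ,` with `hosts => {}`; dropping the space before those commas and adding a trailing comma after `hosts => {}` keeps future additions to one-line diffs. The enclosing loop of determine_zones starts before the first hunk and the sub continues past the second.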
@ -691,7 +691,7 @@ sub compiler( $ ) {
|
|||||||
#
|
#
|
||||||
# Process the interfaces file.
|
# Process the interfaces file.
|
||||||
#
|
#
|
||||||
validate_interfaces_file;
|
validate_interfaces_file ( $export );
|
||||||
#
|
#
|
||||||
# Process the hosts file.
|
# Process the hosts file.
|
||||||
#
|
#
|
||||||
|
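Review bot: The new call is written `validate_interfaces_file ( $export );` with a space before the parenthesis, while every other call in this change (`get_routed_networks( ... )`, `match_source_dev( $interface )`, `parse_zone_option_list( ... )`) keeps the parenthesis flush with the name; write `validate_interfaces_file( $export );` to match. Note that the `( $ )` prototype added to validate_interfaces_file in the other file only constrains this call if that declaration is visible when compiler() is compiled, so the one-argument contract is worth checking at the import rather than relied on from the prototype. compiler() starts and ends outside this hunk.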