Don't allow options on targets that don't accept them.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-04-17 17:18:01 -07:00
parent 668bd4a1a4
commit f55e34dd8b
2 changed files with 22 additions and 16 deletions


@ -98,6 +98,7 @@ our @EXPORT = ( qw(
STATEMATCH STATEMATCH
USERBUILTIN USERBUILTIN
INLINERULE INLINERULE
OPTIONS
%chain_table %chain_table
%targets %targets
@ -406,6 +407,7 @@ use constant { STANDARD => 0x1, #defined by Netfilter
STATEMATCH => 0x10000, #action.Invalid, action.Related, etc. STATEMATCH => 0x10000, #action.Invalid, action.Related, etc.
USERBUILTIN => 0x20000, #Builtin action from user's actions file. USERBUILTIN => 0x20000, #Builtin action from user's actions file.
INLINERULE => 0x40000, #INLINE INLINERULE => 0x40000, #INLINE
OPTIONS => 0x80000, #Target Accepts Options
}; };
# #
# Valid Targets -- value is a combination of one or more of the above # Valid Targets -- value is a combination of one or more of the above
@ -906,6 +908,10 @@ sub transform_rule( $;\$ ) {
$$completeref = 1 if $jump eq 'g' || $terminating{$target}; $$completeref = 1 if $jump eq 'g' || $terminating{$target};
} }
if ( $ruleref->{targetopts} && $targets{$target} ) {
fatal_error "The $target target does not accept options" unless $targets{$target} & OPTIONS;
}
$ruleref; $ruleref;
} }
@ -2647,7 +2653,7 @@ sub initialize_chain_table($) {
'A_ACCEPT+' => STANDARD + NONAT + AUDIT, 'A_ACCEPT+' => STANDARD + NONAT + AUDIT,
'A_ACCEPT!' => STANDARD + AUDIT, 'A_ACCEPT!' => STANDARD + AUDIT,
'NONAT' => STANDARD + NONAT + NATONLY, 'NONAT' => STANDARD + NONAT + NATONLY,
'AUDIT' => STANDARD + AUDIT, 'AUDIT' => STANDARD + AUDIT + OPTIONS,
'DROP' => STANDARD, 'DROP' => STANDARD,
'DROP!' => STANDARD, 'DROP!' => STANDARD,
'A_DROP' => STANDARD + AUDIT, 'A_DROP' => STANDARD + AUDIT,
@ -2656,20 +2662,20 @@ sub initialize_chain_table($) {
'REJECT!' => STANDARD, 'REJECT!' => STANDARD,
'A_REJECT' => STANDARD + AUDIT, 'A_REJECT' => STANDARD + AUDIT,
'A_REJECT!' => STANDARD + AUDIT, 'A_REJECT!' => STANDARD + AUDIT,
'DNAT' => NATRULE, 'DNAT' => NATRULE + OPTIONS,
'DNAT-' => NATRULE + NATONLY, 'DNAT-' => NATRULE + NATONLY,
'REDIRECT' => NATRULE + REDIRECT, 'REDIRECT' => NATRULE + REDIRECT + OPTIONS,
'REDIRECT-' => NATRULE + REDIRECT + NATONLY, 'REDIRECT-' => NATRULE + REDIRECT + NATONLY,
'LOG' => STANDARD + LOGRULE, 'LOG' => STANDARD + LOGRULE + OPTIONS,
'CONTINUE' => STANDARD, 'CONTINUE' => STANDARD,
'CONTINUE!' => STANDARD, 'CONTINUE!' => STANDARD,
'COUNT' => STANDARD, 'COUNT' => STANDARD,
'QUEUE' => STANDARD, 'QUEUE' => STANDARD + OPTIONS,
'QUEUE!' => STANDARD, 'QUEUE!' => STANDARD,
'NFLOG' => STANDARD + LOGRULE + NFLOG, 'NFLOG' => STANDARD + LOGRULE + NFLOG + OPTIONS,
'NFQUEUE' => STANDARD + NFQ, 'NFQUEUE' => STANDARD + NFQ + OPTIONS,
'NFQUEUE!' => STANDARD + NFQ, 'NFQUEUE!' => STANDARD + NFQ,
'ULOG' => STANDARD + LOGRULE + NFLOG, 'ULOG' => STANDARD + LOGRULE + NFLOG + OPTIONS,
'ADD' => STANDARD + SET, 'ADD' => STANDARD + SET,
'DEL' => STANDARD + SET, 'DEL' => STANDARD + SET,
'WHITELIST' => STANDARD, 'WHITELIST' => STANDARD,
@ -2709,7 +2715,7 @@ sub initialize_chain_table($) {
'ACCEPT!' => STANDARD, 'ACCEPT!' => STANDARD,
'A_ACCEPT+' => STANDARD + NONAT + AUDIT, 'A_ACCEPT+' => STANDARD + NONAT + AUDIT,
'A_ACCEPT!' => STANDARD + AUDIT, 'A_ACCEPT!' => STANDARD + AUDIT,
'AUDIT' => STANDARD + AUDIT, 'AUDIT' => STANDARD + AUDIT + OPTIONS,
'A_ACCEPT' => STANDARD + AUDIT, 'A_ACCEPT' => STANDARD + AUDIT,
'NONAT' => STANDARD + NONAT + NATONLY, 'NONAT' => STANDARD + NONAT + NATONLY,
'DROP' => STANDARD, 'DROP' => STANDARD,
@ -2720,18 +2726,18 @@ sub initialize_chain_table($) {
'REJECT!' => STANDARD, 'REJECT!' => STANDARD,
'A_REJECT' => STANDARD + AUDIT, 'A_REJECT' => STANDARD + AUDIT,
'A_REJECT!' => STANDARD + AUDIT, 'A_REJECT!' => STANDARD + AUDIT,
'DNAT' => NATRULE, 'DNAT' => NATRULE + OPTIONS,
'DNAT-' => NATRULE + NATONLY, 'DNAT-' => NATRULE + NATONLY,
'REDIRECT' => NATRULE + REDIRECT, 'REDIRECT' => NATRULE + REDIRECT + OPTIONS,
'REDIRECT-' => NATRULE + REDIRECT + NATONLY, 'REDIRECT-' => NATRULE + REDIRECT + NATONLY,
'LOG' => STANDARD + LOGRULE, 'LOG' => STANDARD + LOGRULE + OPTIONS,
'CONTINUE' => STANDARD, 'CONTINUE' => STANDARD,
'CONTINUE!' => STANDARD, 'CONTINUE!' => STANDARD,
'COUNT' => STANDARD, 'COUNT' => STANDARD,
'QUEUE' => STANDARD, 'QUEUE' => STANDARD + OPTIONS,
'QUEUE!' => STANDARD, 'QUEUE!' => STANDARD,
'NFLOG' => STANDARD + LOGRULE + NFLOG, 'NFLOG' => STANDARD + LOGRULE + NFLOG + OPTIONS,
'NFQUEUE' => STANDARD + NFQ, 'NFQUEUE' => STANDARD + NFQ + OPTIONS,
'NFQUEUE!' => STANDARD + NFQ, 'NFQUEUE!' => STANDARD + NFQ,
'ULOG' => STANDARD + LOGRULE + NFLOG, 'ULOG' => STANDARD + LOGRULE + NFLOG,
'ADD' => STANDARD + SET, 'ADD' => STANDARD + SET,
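Review bot: The second target table in initialize_chain_table leaves `'ULOG' => STANDARD + LOGRULE + NFLOG,` without OPTIONS, while the first table's ULOG entry and the NFLOG entries in both tables gain it. Assuming these tables populate %targets, the new check in transform_rule would make a ULOG rule that carries target options fail with `fatal_error` whenever the second table is in effect. If the omission is deliberate (the two tables look like per-address-family variants, which the hunks do not show), a comment such as `# ULOG intentionally takes no options here` would make that explicit; otherwise the entry should read `'ULOG' => STANDARD + LOGRULE + NFLOG + OPTIONS,`. The guard `if ( $ruleref->{targetopts} && $targets{$target} )` is also skipped for any target with no true entry in %targets, so options on such targets stay unvalidated, and a one-line comment stating whether that is intended would help the next reader. Both function bodies continue outside the hunks shown.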


@ -1664,7 +1664,7 @@ sub process_actions() {
} }
if ( $builtin ) { if ( $builtin ) {
$targets{$action} = USERBUILTIN; $targets{$action} = USERBUILTIN + OPTIONS;
$builtin_target{$action} = 1; $builtin_target{$action} = 1;
} else { } else {
new_action $action, $type, $noinline, $nolog; new_action $action, $type, $noinline, $nolog;