Don't allow options on targets that don't accept them.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-04-17 17:18:01 -07:00
parent 668bd4a1a4
commit f55e34dd8b
2 changed files with 22 additions and 16 deletions


@ -98,6 +98,7 @@ our @EXPORT = ( qw(
STATEMATCH
USERBUILTIN
INLINERULE
OPTIONS
%chain_table
%targets
@ -406,6 +407,7 @@ use constant { STANDARD => 0x1, #defined by Netfilter
STATEMATCH => 0x10000, #action.Invalid, action.Related, etc.
USERBUILTIN => 0x20000, #Builtin action from user's actions file.
INLINERULE => 0x40000, #INLINE
OPTIONS => 0x80000, #Target Accepts Options
};
#
# Valid Targets -- value is a combination of one or more of the above
@ -906,6 +908,10 @@ sub transform_rule( $;\$ ) {
$$completeref = 1 if $jump eq 'g' || $terminating{$target};
}
if ( $ruleref->{targetopts} && $targets{$target} ) {
fatal_error "The $target target does not accept options" unless $targets{$target} & OPTIONS;
}
$ruleref;
}
@ -2647,7 +2653,7 @@ sub initialize_chain_table($) {
'A_ACCEPT+' => STANDARD + NONAT + AUDIT,
'A_ACCEPT!' => STANDARD + AUDIT,
'NONAT' => STANDARD + NONAT + NATONLY,
'AUDIT' => STANDARD + AUDIT,
'AUDIT' => STANDARD + AUDIT + OPTIONS,
'DROP' => STANDARD,
'DROP!' => STANDARD,
'A_DROP' => STANDARD + AUDIT,
@ -2656,20 +2662,20 @@ sub initialize_chain_table($) {
'REJECT!' => STANDARD,
'A_REJECT' => STANDARD + AUDIT,
'A_REJECT!' => STANDARD + AUDIT,
'DNAT' => NATRULE,
'DNAT' => NATRULE + OPTIONS,
'DNAT-' => NATRULE + NATONLY,
'REDIRECT' => NATRULE + REDIRECT,
'REDIRECT' => NATRULE + REDIRECT + OPTIONS,
'REDIRECT-' => NATRULE + REDIRECT + NATONLY,
'LOG' => STANDARD + LOGRULE,
'LOG' => STANDARD + LOGRULE + OPTIONS,
'CONTINUE' => STANDARD,
'CONTINUE!' => STANDARD,
'COUNT' => STANDARD,
'QUEUE' => STANDARD,
'QUEUE' => STANDARD + OPTIONS,
'QUEUE!' => STANDARD,
'NFLOG' => STANDARD + LOGRULE + NFLOG,
'NFQUEUE' => STANDARD + NFQ,
'NFLOG' => STANDARD + LOGRULE + NFLOG + OPTIONS,
'NFQUEUE' => STANDARD + NFQ + OPTIONS,
'NFQUEUE!' => STANDARD + NFQ,
'ULOG' => STANDARD + LOGRULE + NFLOG,
'ULOG' => STANDARD + LOGRULE + NFLOG + OPTIONS,
'ADD' => STANDARD + SET,
'DEL' => STANDARD + SET,
'WHITELIST' => STANDARD,
@ -2709,7 +2715,7 @@ sub initialize_chain_table($) {
'ACCEPT!' => STANDARD,
'A_ACCEPT+' => STANDARD + NONAT + AUDIT,
'A_ACCEPT!' => STANDARD + AUDIT,
'AUDIT' => STANDARD + AUDIT,
'AUDIT' => STANDARD + AUDIT + OPTIONS,
'A_ACCEPT' => STANDARD + AUDIT,
'NONAT' => STANDARD + NONAT + NATONLY,
'DROP' => STANDARD,
@ -2720,18 +2726,18 @@ sub initialize_chain_table($) {
'REJECT!' => STANDARD,
'A_REJECT' => STANDARD + AUDIT,
'A_REJECT!' => STANDARD + AUDIT,
'DNAT' => NATRULE,
'DNAT' => NATRULE + OPTIONS,
'DNAT-' => NATRULE + NATONLY,
'REDIRECT' => NATRULE + REDIRECT,
'REDIRECT' => NATRULE + REDIRECT + OPTIONS,
'REDIRECT-' => NATRULE + REDIRECT + NATONLY,
'LOG' => STANDARD + LOGRULE,
'LOG' => STANDARD + LOGRULE + OPTIONS,
'CONTINUE' => STANDARD,
'CONTINUE!' => STANDARD,
'COUNT' => STANDARD,
'QUEUE' => STANDARD,
'QUEUE' => STANDARD + OPTIONS,
'QUEUE!' => STANDARD,
'NFLOG' => STANDARD + LOGRULE + NFLOG,
'NFQUEUE' => STANDARD + NFQ,
'NFLOG' => STANDARD + LOGRULE + NFLOG + OPTIONS,
'NFQUEUE' => STANDARD + NFQ + OPTIONS,
'NFQUEUE!' => STANDARD + NFQ,
'ULOG' => STANDARD + LOGRULE + NFLOG,
'ADD' => STANDARD + SET,
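Review bot: In the second table of `initialize_chain_table` (the hunk at -2720,18) the entry `'ULOG' => STANDARD + LOGRULE + NFLOG,` is left without `OPTIONS`, while the first table changes the same entry to `STANDARD + LOGRULE + NFLOG + OPTIONS`. With the new check in `transform_rule`, a ULOG rule carrying target options would be accepted under one table and abort with the "does not accept options" error under the other; which table applies is decided outside the visible lines, so if the difference is not intended the entry should read `'ULOG' => STANDARD + LOGRULE + NFLOG + OPTIONS,`. Separately, the guard `$ruleref->{targetopts} && $targets{$target}` skips the check for any target with no `%targets` entry, so options on such targets still pass through unvalidated; a one-line comment there stating whether that is deliberate would help the next reader. Both tables and `transform_rule` extend beyond the hunks shown.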


@ -1664,7 +1664,7 @@ sub process_actions() {
}
if ( $builtin ) {
$targets{$action} = USERBUILTIN;
$targets{$action} = USERBUILTIN + OPTIONS;
$builtin_target{$action} = 1;
} else {
new_action $action, $type, $noinline, $nolog;
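Review bot: `$targets{$action} = USERBUILTIN + OPTIONS;` marks every builtin action from the user's actions file as accepting options, so the check this commit adds to `transform_rule` can never reject options on one of them. If that blanket exemption is deliberate, presumably because the compiler cannot tell what a user-supplied builtin does with its options, record it at the assignment, e.g. `# User builtins are opaque to the compiler; target options are not validated for them`. `process_actions` begins and ends outside this hunk.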