Fix rules file processing with missing policy

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@747 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-15 04:04:10 +01:00 · 2003-09-26 21:34:16 +00:00 · 2003-09-26 21:34:16 +00:00 · f88241a6f1
commit f88241a6f1
parent e4bfb8f0f4
3 changed files with 15 additions and 0 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -83,3 +83,5 @@ Changes since 1.4.6
 36) Extend USER SET column in /etc/shorewall/rules to allow user:group.

 37) Reword error message to avoid the word 'illegal'.
+
+38) Avoid shell error when there is no policy corresponding to a rule.
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -2732,6 +2732,9 @@ process_rule() # $1 = target

    eval policy=\$${chain}_policy

+    [ -z "$policy" ] && \
+	fatal_error "No policy defined from zone $source to zone $dest"
+
    [ $policy = NONE ] && \
 	fatal_error "Rules may not override a NONE policy: rule \"$rule\""

--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -57,6 +57,16 @@ Problems Corrected since version 1.4.6:
 13) The documentation of the USERSETS column in the rules file has been
    corrected.

+14) If there is no policy defined for the zones specified in a rule,
+    the firewall script previously encountered a shell syntax error:
+
+	[: NONE: unexpected operator
+
+    Now, the absence of a policy generates an error message and the
+    firewall is stopped:
+
+        No policy defined from zone <source> to zone <dest>
+
 Migration Issues:

 1) IP Traffic Accounting is changed from Snapshot 20030813.