From 058de7b9b1bcd5fe6fb4a7c2477f888945b4ec0c Mon Sep 17 00:00:00 2001
From: teastep
Date: Thu, 25 Mar 2004 01:00:54 +0000
Subject: [PATCH] Improve undefined interface checking
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1225 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/firewall | 24 ++++++++++++++++++++----
 Shorewall2/functions | 27 +++++++--------------------
 2 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 7a385e83e..bfadf7226 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -483,11 +483,27 @@ match_dest_hosts()
 # Similarly, the source or destination in a rule can be qualified by a device name. If
 # the device is defined in /etc/shorewall/interfaces then a normal interface match is
 # generated (-i or -o); otherwise, a physdev match is generated.
+#-------------------------------------------------------------------------------------
 #
+# loosely match the passed interface with those in /etc/shorewall/interfaces.
+#
+known_interface() # $1 = interface name
+{
+ local iface
+
+ for iface in $all_interfaces ; do
+ if if_match $iface $1 ; then
+ return 0
+ fi
+ done
+
+ return 1
+}
+
 match_source_dev()
 {
 if [ -n "$BRIDGING" ]; then
- list_search $1 $all_interfaces && echo -i $1 || physdev_echo "--physdev-in $1"
+ known_interface $1 && echo -i $1 || physdev_echo "--physdev-in $1"
 else
 echo -i $1
 fi
@@ -496,7 +512,7 @@ match_source_dev()
 match_dest_dev()
 {
 if [ -n "$BRIDGING" ]; then
- list_search $1 $all_interfaces && echo -o $1 || physdev_echo "--physdev-out $1"
+ known_interface $1 && echo -o $1 || physdev_echo "--physdev-out $1"
 else
 echo -o $1
 fi
@@ -652,10 +668,10 @@ validate_interfaces_file() {
 wildcard=
 case $interface in
- *:*)
+ *:*|+)
 startup_error "Invalid Interface Name: $interface"
 ;;
- *+*)
+ *+)
 wildcard=Yes
 ;;
 esac
diff --git a/Shorewall2/functions b/Shorewall2/functions
index c7b3f278f..bb41d01e2 100755
--- a/Shorewall2/functions
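Review bot: `known_interface` passes `$iface` and `$1` to `if_match` unquoted, so a name containing whitespace or glob characters would be split or expanded before the comparison; the `validate_interfaces_file` arms visible further down reject only `:` and a bare `+`. Quote both, `if if_match "$iface" "$1" ; then`, and likewise `known_interface "$1"` in `match_source_dev` and in `match_dest_dev` (second hunk). The header comment could also state the contract, for example `# Returns 0 if $1 matches an entry in $all_interfaces, 1 otherwise.`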
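Review bot: Narrowing `*+*)` to `*+)` leaves a name with an interior `+` (for example `eth+0`) neither rejected nor marked as a wildcard. Since `chain_base` and `if_match` in Shorewall2/functions now strip only a trailing `+`, the `+` would apparently be carried into whatever is derived from the name. If such names are not meant to be supported, add an arm after `*+)`: `*+*) startup_error "Invalid Interface Name: $interface" ;;`. The `case` sits inside `validate_interfaces_file`, whose body starts and continues outside this hunk.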
+++ b/Shorewall2/functions
@@ -502,11 +502,11 @@ ip_vlsm() {
 #
 # Chain name base for an interface -- replace all periods with underscores in the passed name.
-# The result is echoed (less "+" and anything following).
+# The result is echoed (less trailing "+").
 #
 chain_base() #$1 = interface
 {
- local c=${1%%+*}
+ local c=${1%%+}
 while true; do
 case $c in
@@ -524,31 +524,18 @@ chain_base() #$1 = interface
 done
 }
-#
-# Remove trailing digits from a name
-#
-strip_trailing_digits() {
- echo $1 | sed s'/[0-9].*$//'
-}
-
 #
 # Loosly Match the name of an interface
 #
 if_match() # $1 = Name in interfaces file - may end in "+"
- # $2 = Name from routing table
+ # $2 = Full interface name - may also end in "+"
 {
- local if_file=$1
- local rt_table=$2
+ local pattern=${1%+}
+ local interface=${2%+}
- case $if_file in
- *+)
- test "$(strip_trailing_digits $rt_table)" = "${if_file%+}"
- ;;
- *)
- test "$rt_table" = "$if_file"
- ;;
- esac
+ test "x${interface:0:${#pattern}}" = "x${pattern}"
+
 }
 #
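Review bot: The rewritten `if_match` compares only the first `${#pattern}` characters even when the entry from the interfaces file has no trailing `+`, so an exact entry such as `eth1` now also matches `eth10`; the removed code compared whole names in that case. Through `known_interface` in Shorewall2/firewall this decides between a `-i`/`-o` match and a physdev match, so a device that is not actually defined can be treated as a known interface. The `${interface:0:${#pattern}}` substring expansion is also a bash/ksh extension; the interpreter line is not visible here, but if the file is run by a plain POSIX `/bin/sh` the expansion would fail. Keep the prefix comparison for `+` entries only and express it as a `case` pattern, as sketched below.

```shell
if_match() # $1 = Name in interfaces file - may end in "+"
    # … unchanged: local pattern=${1%+} / local interface=${2%+} …

    case $1 in
        *+)
            # Wildcard entry: prefix comparison through a case pattern,
            # no ${var:offset:length} needed
            case $interface in
                "$pattern"*) return 0 ;;
                *)           return 1 ;;
            esac
            ;;
        *)
            # Exact entry: the whole name must match (eth1 is not eth10)
            test "x$2" = "x$1"
            ;;
    esac
```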