holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Improve undefined interface checking

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1225 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-03-25 01:00:54 +00:00
parent 9ddf679cf6
commit 058de7b9b1
2 changed files with 27 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
Shorewall2/firewall
View File

@ -483,11 +483,27 @@ match_dest_hosts()
# Similarly, the source or destination in a rule can be qualified by a device name. If # Similarly, the source or destination in a rule can be qualified by a device name. If
# the device is defined in /etc/shorewall/interfaces then a normal interface match is # the device is defined in /etc/shorewall/interfaces then a normal interface match is
# generated (-i or -o); otherwise, a physdev match is generated. # generated (-i or -o); otherwise, a physdev match is generated.
#-------------------------------------------------------------------------------------
# #
# loosely match the passed interface with those in /etc/shorewall/interfaces.
#
known_interface() # $1 = interface name
{
local iface
for iface in $all_interfaces ; do
if if_match $iface $1 ; then
return 0
fi
done
return 1
}
match_source_dev() match_source_dev()
{ {
if [ -n "$BRIDGING" ]; then if [ -n "$BRIDGING" ]; then
list_search $1 $all_interfaces && echo -i $1 || physdev_echo "--physdev-in $1" known_interface $1 && echo -i $1 || physdev_echo "--physdev-in $1"
else else
echo -i $1 echo -i $1
fi fi
@ -496,7 +512,7 @@ match_source_dev()
match_dest_dev() match_dest_dev()
{ {
if [ -n "$BRIDGING" ]; then if [ -n "$BRIDGING" ]; then
list_search $1 $all_interfaces && echo -o $1 || physdev_echo "--physdev-out $1" known_interface $1 && echo -o $1 || physdev_echo "--physdev-out $1"
else else
echo -o $1 echo -o $1
fi fi
@ -652,10 +668,10 @@ validate_interfaces_file() {
wildcard= wildcard=
case $interface in case $interface in
*:*) *:*|+)
startup_error "Invalid Interface Name: $interface" startup_error "Invalid Interface Name: $interface"
;; ;;
*+*) *+)
wildcard=Yes wildcard=Yes
;; ;;
esac esac

27
Shorewall2/functions
View File

@ -502,11 +502,11 @@ ip_vlsm() {
# #
# Chain name base for an interface -- replace all periods with underscores in the passed name. # Chain name base for an interface -- replace all periods with underscores in the passed name.
# The result is echoed (less "+" and anything following). # The result is echoed (less trailing "+").
# #
chain_base() #$1 = interface chain_base() #$1 = interface
{ {
local c=${1%%+*} local c=${1%%+}
while true; do while true; do
case $c in case $c in
@ -524,31 +524,18 @@ chain_base() #$1 = interface
done done
} }
#
# Remove trailing digits from a name
#
strip_trailing_digits() {
echo $1 | sed s'/[0-9].*$//'
}
# #
# Loosly Match the name of an interface # Loosly Match the name of an interface
# #
if_match() # $1 = Name in interfaces file - may end in "+" if_match() # $1 = Name in interfaces file - may end in "+"
# $2 = Name from routing table # $2 = Full interface name - may also end in "+"
{ {
local if_file=$1 local pattern=${1%+}
local rt_table=$2 local interface=${2%+}
case $if_file in test "x${interface:0:${#pattern}}" = "x${pattern}"
*+)
test "$(strip_trailing_digits $rt_table)" = "${if_file%+}"
;;
*)
test "$rt_table" = "$if_file"
;;
esac
} }
# #