From 165535cd8ba5777b32bf557dd347ec3be7fdf48e Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 4 Jun 2010 07:18:55 -0700 Subject: [PATCH] Disallow wildcard optional/required interfaces Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Zones.pm | 2 ++ Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 20 ++++++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 5c26d84b3..47ea6d1ee 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -937,6 +937,8 @@ sub process_interface( $$ ) { $hostoptions{routeback} = $options{routeback} = 1; } + fatal_error "Optional and Required interfaces may not have wildcard names" if ( $wildcard || $physical =~ /\+/ ) && ( $options{optional} || $options{required} ); + $hostoptions{routeback} = $options{routeback} = is_a_bridge( $physical ) unless $export || $options{routeback}; $hostoptionsref = \%hostoptions; diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 9526af44e..dbef932fd 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -14,6 +14,8 @@ Changes in Shorewall 4.4.10 7) Rename PREFIX to DESTDIR in install scripts +8) Optional/required interfaces with wildcard names disallowed. + Changes in Shorewall 4.4.9 1) Auto-detection of bridges. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 19ffb2bd7..4bc9f24d9 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
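Review bot: In the added `fatal_error` line of `process_interface`, the test `$physical =~ /\+/` is unanchored, so it matches a `+` anywhere in the physical name rather than only the trailing wildcard form shown in the release-notes example (`ppp+`). Unless the name validation outside this hunk already restricts `+` to the last character, I would anchor it as `$physical =~ /\+$/`. The message also does not say which interface was rejected; appending the name, e.g. `"Optional and Required interfaces may not have wildcard names ($physical)"`, would make the compile-time error easier to act on in a long interfaces file. The body of `process_interface` starts and ends outside the hunk, so how `$wildcard` is derived cannot be checked from here.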
@@ -243,6 +243,26 @@ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E `sys2sys':/usr/local/libexec/xtables/libipt_sys2sys.so: cannot open shared object file: No such file or directory +4) Previously, if the 'optional' option was given to an interface with + a wildcard physical name, specific instances of the interface were + never considered usable. + + Example: + + /etc/shorewall/interfaces: + + #ZONE INTERFACE BROADCAST OPTIONS + net ppp+ - optional + + /etc/shorewall/providers: + + #PROVIDER NUMBER MARK DUPLICATE INTERFACE ... + XYZTEL 1 - main ppp0 + + The XYZTEL provider was never usable. + + This configuration now generates a compile-time error. + ---------------------------------------------------------------------------- I V. K N O W N P R O B L E M S R E M A I N I N G ----------------------------------------------------------------------------