From 1d1068ac74656566bef881c4a0fc4841156d6403 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 7 Jan 2017 10:00:37 -0800 Subject: [PATCH] Correct splitting of IP(6)TABLES options Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Raw.pm | 2 +- Shorewall/Perl/Shorewall/Rules.pm | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm index 260cbb116..14202f384 100644 --- a/Shorewall/Perl/Shorewall/Raw.pm +++ b/Shorewall/Perl/Shorewall/Raw.pm @@ -122,7 +122,7 @@ sub process_conntrack_rule( $$$$$$$$$$ ) { fatal_error "Invalid conntrack ACTION (IPTABLES)" unless $1; } - my ( $tgt, $options ) = split( ' ', $2 ); + my ( $tgt, $options ) = split( ' ', $2, 2 ); my $target_type = $builtin_target{$tgt}; fatal_error "Unknown target ($tgt)" unless $target_type; fatal_error "The $tgt TARGET is not allowed in the raw table" unless $target_type & RAW_TABLE; diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 73d976b40..5fed67c42 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -2915,7 +2915,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) { IPTABLES => sub { if ( $param ) { fatal_error "Unknown ACTION (IPTABLES)" unless $family == F_IPV4; - my ( $tgt, $options ) = split / /, $param; + my ( $tgt, $options ) = split / /, $param, 2; my $target_type = $builtin_target{$tgt}; fatal_error "Unknown target ($tgt)" unless $target_type; fatal_error "The $tgt TARGET is not allowed in the filter table" unless $target_type & FILTER_TABLE; @@ -2928,7 +2928,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) { IP6TABLES => sub { if ( $param ) { fatal_error "Unknown ACTION (IP6TABLES)" unless $family == F_IPV6; - my ( $tgt, $options ) = split / /, $param; + my ( $tgt, $options ) = split / /, $param, 2; my $target_type = $builtin_target{$tgt}; fatal_error "Unknown target ($tgt)" unless $target_type; fatal_error "The $tgt TARGET is not allowed in the filter table" unless $target_type & FILTER_TABLE; @@ -4499,7 +4499,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) { maxparams => 1, function => sub () { fatal_error "Invalid ACTION (IPTABLES)" unless $family == F_IPV4; - my ( $tgt, $options ) = split( ' ', $params ); + my ( $tgt, $options ) = split( ' ', $params, 2 ); my $target_type = $builtin_target{$tgt}; fatal_error "Unknown target ($tgt)" unless $target_type; fatal_error "The $tgt TARGET is not allowed in the mangle table" unless $target_type & MANGLE_TABLE; @@ -4515,7 +4515,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) { maxparams => 1, function => sub () { fatal_error "Invalid ACTION (IP6TABLES)" unless $family == F_IPV6; - my ( $tgt, $options ) = split( ' ', $params ); + my ( $tgt, $options ) = split( ' ', $params, 2 ); my $target_type = $builtin_target{$tgt}; fatal_error "Unknown target ($tgt)" unless $target_type; fatal_error "The $tgt TARGET is not allowed in the mangle table" unless $target_type & MANGLE_TABLE;