holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Correct splitting of IP(6)TABLES options

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-01-07 10:00:37 -08:00
parent 5bc724c268
commit 1d1068ac74
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -122,7 +122,7 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
fatal_error "Invalid conntrack ACTION (IPTABLES)" unless $1; fatal_error "Invalid conntrack ACTION (IPTABLES)" unless $1;
} }
my ( $tgt, $options ) = split( ' ', $2 ); my ( $tgt, $options ) = split( ' ', $2, 2 );
my $target_type = $builtin_target{$tgt}; my $target_type = $builtin_target{$tgt};
fatal_error "Unknown target ($tgt)" unless $target_type; fatal_error "Unknown target ($tgt)" unless $target_type;
fatal_error "The $tgt TARGET is not allowed in the raw table" unless $target_type & RAW_TABLE; fatal_error "The $tgt TARGET is not allowed in the raw table" unless $target_type & RAW_TABLE;

8
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -2915,7 +2915,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
IPTABLES => sub { IPTABLES => sub {
if ( $param ) { if ( $param ) {
fatal_error "Unknown ACTION (IPTABLES)" unless $family == F_IPV4; fatal_error "Unknown ACTION (IPTABLES)" unless $family == F_IPV4;
my ( $tgt, $options ) = split / /, $param; my ( $tgt, $options ) = split / /, $param, 2;
my $target_type = $builtin_target{$tgt}; my $target_type = $builtin_target{$tgt};
fatal_error "Unknown target ($tgt)" unless $target_type; fatal_error "Unknown target ($tgt)" unless $target_type;
fatal_error "The $tgt TARGET is not allowed in the filter table" unless $target_type & FILTER_TABLE; fatal_error "The $tgt TARGET is not allowed in the filter table" unless $target_type & FILTER_TABLE;
@ -2928,7 +2928,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
IP6TABLES => sub { IP6TABLES => sub {
if ( $param ) { if ( $param ) {
fatal_error "Unknown ACTION (IP6TABLES)" unless $family == F_IPV6; fatal_error "Unknown ACTION (IP6TABLES)" unless $family == F_IPV6;
my ( $tgt, $options ) = split / /, $param; my ( $tgt, $options ) = split / /, $param, 2;
my $target_type = $builtin_target{$tgt}; my $target_type = $builtin_target{$tgt};
fatal_error "Unknown target ($tgt)" unless $target_type; fatal_error "Unknown target ($tgt)" unless $target_type;
fatal_error "The $tgt TARGET is not allowed in the filter table" unless $target_type & FILTER_TABLE; fatal_error "The $tgt TARGET is not allowed in the filter table" unless $target_type & FILTER_TABLE;
@ -4499,7 +4499,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
maxparams => 1, maxparams => 1,
function => sub () { function => sub () {
fatal_error "Invalid ACTION (IPTABLES)" unless $family == F_IPV4; fatal_error "Invalid ACTION (IPTABLES)" unless $family == F_IPV4;
my ( $tgt, $options ) = split( ' ', $params ); my ( $tgt, $options ) = split( ' ', $params, 2 );
my $target_type = $builtin_target{$tgt}; my $target_type = $builtin_target{$tgt};
fatal_error "Unknown target ($tgt)" unless $target_type; fatal_error "Unknown target ($tgt)" unless $target_type;
fatal_error "The $tgt TARGET is not allowed in the mangle table" unless $target_type & MANGLE_TABLE; fatal_error "The $tgt TARGET is not allowed in the mangle table" unless $target_type & MANGLE_TABLE;
@ -4515,7 +4515,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
maxparams => 1, maxparams => 1,
function => sub () { function => sub () {
fatal_error "Invalid ACTION (IP6TABLES)" unless $family == F_IPV6; fatal_error "Invalid ACTION (IP6TABLES)" unless $family == F_IPV6;
my ( $tgt, $options ) = split( ' ', $params ); my ( $tgt, $options ) = split( ' ', $params, 2 );
my $target_type = $builtin_target{$tgt}; my $target_type = $builtin_target{$tgt};
fatal_error "Unknown target ($tgt)" unless $target_type; fatal_error "Unknown target ($tgt)" unless $target_type;
fatal_error "The $tgt TARGET is not allowed in the mangle table" unless $target_type & MANGLE_TABLE; fatal_error "The $tgt TARGET is not allowed in the mangle table" unless $target_type & MANGLE_TABLE;