A couple of little buglets. 1) detect duplicate tracked interface in providers file; 2) don't permit destination interface in PREROUTING marking rule

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2315 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 23:23:45 +00:00 · 2005-07-09 23:23:45 +00:00 · 7d924c3b82
commit 7d924c3b82
parent d11dc2b58a
1 changed files with 3 additions and 0 deletions
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -1124,6 +1124,8 @@ setup_providers()
 		-)
 		    ;;
 		track)
+		    list_search $interface $ROUTEMARK_INTERFACES && \
+			fatal_error "Interface $interface is tracked through an earlier provider"
 		    iface=$(chain_base $interface)
 		    eval ${iface}_routemark=$mark
 		    ROUTEMARK_INTERFACES="$ROUTEMARK_INTERFACES $interface"
@ -2717,6 +2719,7 @@ process_tc_rule()
 		    r="${r}$(dest_ip_range $dest) "
 		    ;;
 		*)
+		    [ "$chain" = tcpre ] && fatal_error "Destination interface is not allowed in the PREROUTING chain"
 		    verify_interface $dest || fatal_error "Unknown interface $dest in rule \"$rule\""
 		    r="${r}$(match_dest_dev $dest) "
 		    ;;