holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

A couple of little buglets. 1) detect duplicate tracked interface in providers file; 2) don't permit destination interface in PREROUTING marking rule

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2315 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-07-09 23:23:45 +00:00
parent d11dc2b58a
commit 7d924c3b82
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall/firewall
View File

@ -1124,6 +1124,8 @@ setup_providers()
-) -)
;; ;;
track) track)
list_search $interface $ROUTEMARK_INTERFACES && \
fatal_error "Interface $interface is tracked through an earlier provider"
iface=$(chain_base $interface) iface=$(chain_base $interface)
eval ${iface}_routemark=$mark eval ${iface}_routemark=$mark
ROUTEMARK_INTERFACES="$ROUTEMARK_INTERFACES $interface" ROUTEMARK_INTERFACES="$ROUTEMARK_INTERFACES $interface"
@ -2717,6 +2719,7 @@ process_tc_rule()
r="${r}$(dest_ip_range $dest) " r="${r}$(dest_ip_range $dest) "
;; ;;
*) *)
[ "$chain" = tcpre ] && fatal_error "Destination interface is not allowed in the PREROUTING chain"
verify_interface $dest || fatal_error "Unknown interface $dest in rule \"$rule\"" verify_interface $dest || fatal_error "Unknown interface $dest in rule \"$rule\""
r="${r}$(match_dest_dev $dest) " r="${r}$(match_dest_dev $dest) "
;; ;;