Move some fixes from 4.4.5 to 4.4.4.2
parent
c02ab429e6
commit
8581c53b9f
@ -72,7 +72,7 @@ our @EXPORT = qw( ALLIPv4
|
||||
validate_icmp6
|
||||
);
|
||||
our @EXPORT_OK = qw( );
|
||||
our $VERSION = '4.4_1';
|
||||
our $VERSION = '4.4_4';
|
||||
|
||||
#
|
||||
# Some IPv4/6 useful stuff
|
||||
@ -302,7 +302,7 @@ sub validate_port( $$ ) {
|
||||
my $value;
|
||||
|
||||
if ( $port =~ /^(\d+)$/ ) {
|
||||
return $port if $port <= 65535;
|
||||
return $port if $port && $port <= 65535;
|
||||
} else {
|
||||
$proto = proto_name $proto if $proto =~ /^(\d+)$/;
|
||||
$value = getservbyname( $port, $proto );
|
||||
@ -485,16 +485,16 @@ sub valid_6address( $ ) {
|
||||
return 0 unless ( @address == $max ) || $address =~ /::/;
|
||||
return 0 if $address =~ /:::/ || $address =~ /::.*::/;
|
||||
|
||||
if ( $address =~ /^:/ ) {
|
||||
unless ( $address eq '::' ) {
|
||||
return 0 if $address =~ /:$/ || $address =~ /^:.*::/;
|
||||
}
|
||||
} elsif ( $address =~ /:$/ ) {
|
||||
return 0 if $address =~ /::.*:$/;
|
||||
unless ( $address =~ /^::/ ) {
|
||||
return 0 if $address =~ /^:/;
|
||||
}
|
||||
|
||||
unless ( $address =~ /::$/ ) {
|
||||
return 0 if $address =~ /:$/;
|
||||
}
|
||||
|
||||
for my $a ( @address ) {
|
||||
return 0 unless $a eq '' || ( $a =~ /^[a-fA-f\d]+$/ && oct "0x$a" < 65536 );
|
||||
return 0 unless $a eq '' || ( $a =~ /^[a-fA-f\d]+$/ && length $a < 5 );
|
||||
}
|
||||
|
||||
1;
|
||||
@ -543,13 +543,27 @@ sub validate_6net( $$ ) {
|
||||
sub normalize_6addr( $ ) {
|
||||
my $addr = shift;
|
||||
|
||||
while ( $addr =~ tr/:/:/ < 6 ) {
|
||||
$addr =~ s/::/:0::/;
|
||||
if ( $addr eq '::' ) {
|
||||
'0:0:0:0:0:0:0:0';
|
||||
} else {
|
||||
#
|
||||
# Suppress leading zeros
|
||||
#
|
||||
$addr =~ s/^0+//;
|
||||
$addr =~ s/:0+/:/g;
|
||||
$addr =~ s/^:/0:/;
|
||||
$addr =~ s/:$/:0/;
|
||||
|
||||
$addr =~ s/::/:0::/ while $addr =~ tr/:/:/ < 7;
|
||||
#
|
||||
# Note: "s/::/:0:/g" doesn't work here
|
||||
#
|
||||
1 while $addr =~ s/::/:0:/;
|
||||
|
||||
$addr =~ s/^0+:/0:/;
|
||||
|
||||
$addr;
|
||||
}
|
||||
|
||||
$addr =~ s/::/:0:/;
|
||||
|
||||
$addr;
|
||||
}
|
||||
|
||||
sub validate_6range( $$ ) {
|
||||
|
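Review bot: In the valid_6address hunk the rewritten group check still uses the character class `[a-fA-f\d]`, where `A-f` is an ASCII range that also matches `G`–`Z` and several punctuation characters; with the `oct` comparison replaced by `length $a < 5`, this class is now the only test on a group's content. A string such as `ZZZZ::1` (constructed example) passes every check visible in the hunk, so the line should read `return 0 unless $a eq '' || $a =~ /^[a-fA-F\d]{1,4}$/;`. The validate_port hunk in the same file has a comparable gap: `$port && $port <= 65535` tests string truth, so `00` is still returned as a valid port, and `$port > 0 && $port <= 65535` would close it. Both functions begin and end outside their hunks, so earlier checks and the failure path are not visible here.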
@ -4,6 +4,10 @@ Changes in Shorewall 4.4.4.1
|
||||
|
||||
2) Fix handling of interfaces with the 'bridge' option.
|
||||
|
||||
3) Disallow port 0
|
||||
|
||||
4) Improve IPv6 address validation and range checking.
|
||||
|
||||
Changes in Shorewall 4.4.4
|
||||
|
||||
1) Change STARTUP_LOG and LOG_VERBOSITY in default shorewall6.conf.
|
||||
|
@ -21,3 +21,8 @@
|
||||
|
||||
This problem is corrected in Shorewall 4.4.4.2.
|
||||
|
||||
5) An iptables-restore error can occur if port 0 is specified in some
|
||||
contexts.
|
||||
|
||||
In Shorewall 4.4.4.2, port 0 is flagged as an error in all
|
||||
contexts.
|
||||
|
@ -173,6 +173,20 @@ Shorewall 4.4.4 Patch Release 1
|
||||
default. If, for some reason, you don't want 'track' then specify
|
||||
'notrack' for the provider.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 4 . 2
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
1) Previously, DNS names were not accepted in some contexts by
|
||||
Shorewall6.
|
||||
|
||||
2) Validation of IPv6 addresses has been improved and now catches more
|
||||
invalid addresses.
|
||||
|
||||
3) Previously, port 0 was accepted in all contexts with the result
|
||||
that iptables-restore errors could occur. Port 0 is now flagged as
|
||||
an error.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 4 . 1
|
||||
----------------------------------------------------------------------------
|
||||
|