holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix iprange handling in IPv6 rules

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9067 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-12-15 23:31:26 +00:00
parent ddf7887139
commit 8c92588e14
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall-perl/Shorewall/Chains.pm
View File

@ -596,7 +596,7 @@ sub use_forward_chain($) {
# #
# Interface associated with a single zone -- Must use the interface chain if # Interface associated with a single zone -- Must use the interface chain if
# the zone has multiple interfaces # the zone has multiple interfaces
# # and this chain has option rules
$interfaceref->{options}{use_forward_chain} && keys %{ zone_interfaces( $zone ) } > 1; $interfaceref->{options}{use_forward_chain} && keys %{ zone_interfaces( $zone ) } > 1;
} }
@ -1565,7 +1565,8 @@ sub match_source_net( $;$ ) {
$restriction |= NO_RESTRICT; $restriction |= NO_RESTRICT;
if ( $net =~ /^(!?)(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ) { if ( $family == F_IPV4 && $net =~ /^(!?)(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ||
$family == F_IPV6 && $net =~ /^(!?)(.*:.*)-(.*:.*)$/ ) {
my ($addr1, $addr2) = ( $2, $3 ); my ($addr1, $addr2) = ( $2, $3 );
$net =~ s/!// if my $invert = $1 ? '! ' : ''; $net =~ s/!// if my $invert = $1 ? '! ' : '';
validate_range $addr1, $addr2; validate_range $addr1, $addr2;
@ -1591,7 +1592,8 @@ sub match_source_net( $;$ ) {
sub match_dest_net( $ ) { sub match_dest_net( $ ) {
my $net = $_[0]; my $net = $_[0];
if ( $net =~ /^(!?)(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ) { if ( $family == F_IPV4 && $net =~ /^(!?)(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ||
$family == F_IPV6 && $net =~ /^(!?)(.*:.*)-(.*:.*)$/ ) {
my ($addr1, $addr2) = ( $2, $3 ); my ($addr1, $addr2) = ( $2, $3 );
$net =~ s/!// if my $invert = $1 ? '! ' : ''; $net =~ s/!// if my $invert = $1 ? '! ' : '';
validate_range $addr1, $addr2; validate_range $addr1, $addr2;

2
Shorewall-perl/Shorewall/Rules.pm
View File

@ -624,6 +624,8 @@ sub add_common_rules() {
for $interface ( @$list ) { for $interface ( @$list ) {
set_interface_option $interface, 'use_input_chain', 1; set_interface_option $interface, 'use_input_chain', 1;
set_interface_option $interface, 'use_forward_chain', 1;
for $chain ( input_chain $interface, output_chain $interface ) { for $chain ( input_chain $interface, output_chain $interface ) {
add_rule $filter_table->{$chain} , "-p udp --dport $ports -j ACCEPT"; add_rule $filter_table->{$chain} , "-p udp --dport $ports -j ACCEPT";
} }