From 993bdc740d72ca669455b23631876cdab9bc659f Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Thu, 17 Feb 2011 16:31:22 -0800
Subject: [PATCH] Make it invalid to to use a config file name as a chain name
---
 Shorewall/Perl/Shorewall/Chains.pm | 6 ++--
 Shorewall/Perl/Shorewall/Config.pm | 45 ++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+), 3 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 6c4fd277d..8af76f2c2 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1344,7 +1344,7 @@ sub ensure_accounting_chain( $$$ )
 $chainref->{restriction} |= $restriction;
 } else {
 fatal_error "Chain name ($chain) too long" if length $chain > 29;
- fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && ! $builtin_target{$chain};
+ fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && ! ( $builtin_target{$chain} || $config_files{$chain} );
 $chainref = new_chain 'filter' , $chain;
 $chainref->{accounting} = 1;
 $chainref->{referenced} = 1;
@@ -1435,7 +1435,7 @@ sub new_nat_chain($) {
 sub new_manual_chain($) {
 my $chain = $_[0];
 fatal_error "Chain name ($chain) too long" if length $chain > 29;
- fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && ! $builtin_target{$chain};
+ fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && ! ( $builtin_target{$chain} || $config_files{$chain} );
 fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} || $filter_table->{$chain};
 $targets{$chain} = CHAIN;
 ( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1;
@@ -2110,7 +2110,7 @@ sub newexclusionchain() {
 sub newlogchain() {
 my $seq = $chainseq++;
- "log${seq}";
+ "~log${seq}";
 }
 #
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index b2283e799..6983854c4 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
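Review bot: A chain named after a configuration file is now rejected with the same `Invalid Chain name ($chain)` message as a name containing disallowed characters, so the user gets no hint that the name is merely reserved; testing the new condition on its own line first, `fatal_error "Chain name ($chain) is reserved (configuration file name)" if $config_files{$chain};`, would make the rejection self-explanatory. The rewritten expression is now duplicated verbatim in ensure_accounting_chain (this hunk) and new_manual_chain (the second hunk), so a small shared `valid_chain_name` helper would keep both in step the next time the reserved set changes. While that line is being touched, `\A` and `\z` anchors would also refuse a trailing newline that `$` lets through, though whether such input can reach here depends on the callers I cannot see. `$config_files{$chain}` relies on Chains.pm importing `%config_files` through Shorewall::Config's `:internal` tag, which this patch adds but whose `use` line is outside the hunk, so that import should be confirmed. ensure_accounting_chain starts and ends outside the hunk, and new_manual_chain ends outside its hunk.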
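Review bot: The new `~log` prefix in newlogchain is left unexplained; since `~` is outside the `[-\w]` set that ensure_accounting_chain and new_manual_chain accept for user-supplied chain names, the intent appears to be that generated log chains can no longer collide with a user chain or a configuration-file name, and a comment saying so would spare the next reader the deduction: `# '~' is not in the character set accepted for user chain names, so a generated name cannot clash with one.`. The sub also yields the name as a bare trailing expression; `return "~log${seq}";` states the intent explicitly. Anything elsewhere that recognises generated chains by a `log<n>` prefix would need the same change, which cannot be judged from this hunk.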
@@ -126,6 +126,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 $debug
 %config
 %globals
+ %config_files
 F_IPV4
 F_IPV6
@@ -262,6 +263,50 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
 CAPVERSION => 'Capability Version',
 KERNELVERSION => 'Kernel Version',
 );
+
+our %config_files = ( accounting => 1,
+ actions => 1,
+ blacklist => 1,
+ clear => 1,
+ ecn => 1,
+ findgw => 1,
+ hosts => 1,
+ init => 1,
+ initdone => 1,
+ interfaces => 1,
+ isusable => 1,
+ maclist => 1,
+ masq => 1,
+ nat => 1,
+ netmap => 1,
+ notrack => 1,
+ params => 1,
+ policy => 1,
+ providers => 1,
+ proxyarp => 1,
+ refresh => 1,
+ refreshed => 1,
+ restored => 1,
+ route_rules => 1,
+ routes => 1,
+ routestopped => 1,
+ rules => 1,
+ scfilter => 1,
+ secmarks => 1,
+ start => 1,
+ started => 1,
+ stop => 1,
+ stopped => 1,
+ tcclasses => 1,
+ tcclear => 1,
+ tcdevices => 1,
+ tcfilters => 1,
+ tcinterfaces => 1,
+ tcpri => 1,
+ tcrules => 1,
+ tos => 1,
+ tunnels => 1,
+ zones => 1 );
 #
 # Directories to search for configuration files
 #
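Review bot: `%config_files` in the second hunk carries no comment saying what the list is for or that it must be kept in step with the set of files the compiler reads, and a hand-maintained list like this goes stale silently when a new configuration file is introduced; a header in the file's existing `#` block style, `# Names of configuration files and extension scripts; a chain may not be given one of these names (see Chains.pm).`, would record both. The forty-three `=> 1` pairs could be written as `our %config_files = map { $_ => 1 } qw( accounting actions ... zones );`, which makes the hash's role as a set obvious and turns a future addition into a one-word change. As an `our` variable exported through the `:internal` tag in the first hunk, the hash is writable by any importer; that matches how the file's other exported hashes are declared, so it is a consistency choice rather than a defect.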