Fix some 'policy' file bugs

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6151 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-04-29 22:29:10 +00:00
parent bc7b6354df
commit a6358bf7e4


@ -155,10 +155,11 @@ sub validate_policy()
( $policy , my $default ) = split /:/, $policy; ( $policy , my $default ) = split /:/, $policy;
if ( "\L$policy" eq 'none' ) { if ( $default ) {
if ( "\L$default" eq 'none' ) {
$default = 'none'; $default = 'none';
} elsif ( $default ) { } else {
my $defaulttype = $targets{$default}; my $defaulttype = $targets{$default} || 0;
if ( $defaulttype & ACTION ) { if ( $defaulttype & ACTION ) {
unless ( $usedactions{$default} ) { unless ( $usedactions{$default} ) {
@ -168,6 +169,7 @@ sub validate_policy()
} else { } else {
fatal_error "Unknown Default Action ($default)"; fatal_error "Unknown Default Action ($default)";
} }
}
} else { } else {
$default = $default_actions{$policy} || ''; $default = $default_actions{$policy} || '';
} }
@ -175,10 +177,10 @@ sub validate_policy()
fatal_error "Invalid policy $policy" unless exists $validpolicies{$policy}; fatal_error "Invalid policy $policy" unless exists $validpolicies{$policy};
if ( $policy eq 'NONE' ) { if ( $policy eq 'NONE' ) {
fatal_error "$client, $server, $policy, $loglevel, $synparams: NONE policy not allowed to/from firewall zone"
if ( $zones{$client}{type} eq 'firewall' ) || ( $zones{$server}{type} eq 'firewall' );
fatal_error "$client $server $policy $loglevel $synparams: NONE policy not allowed with \"all\"" fatal_error "$client $server $policy $loglevel $synparams: NONE policy not allowed with \"all\""
if $clientwild || $serverwild; if $clientwild || $serverwild;
fatal_error "$client, $server, $policy, $loglevel, $synparams: NONE policy not allowed to/from firewall zone"
if ( $zones{$client}{type} eq 'firewall' ) || ( $zones{$server}{type} eq 'firewall' );
} }
my $chain = "${client}2${server}"; my $chain = "${client}2${server}";
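Review bot: The firewall-zone test in the `NONE` branch reads `$zones{$client}{type}` and `$zones{$server}{type}` directly, so it is only safe once both names are known to be real zones. On this page it appears to have been moved below the `"all"` check, which would explain the reorder, but nothing in the code records that dependency. I would add a comment above it such as `# keep after the "all" check: a %zones lookup on an unknown name autovivifies an entry and compares undef`. If zone names are not validated earlier in validate_policy (not visible in these hunks), the lookup should also be guarded with `exists $zones{$client}` and `exists $zones{$server}`. The two NONE messages format the same fields differently, one comma-separated and one space-separated, and a single format would make the errors easier to search for; validate_policy itself starts and ends outside the hunks shown.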