holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Add wildcard validation

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6001 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-04-18 19:05:41 +00:00
parent 1c8168b5a9
commit a6405cb423
1 changed files with 13 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
Shorewall-perl/Shorewall/Interfaces.pm
View File

@ -35,7 +35,6 @@ our @EXPORT = qw( add_group_to_zone
known_interface known_interface
interface_is_optional interface_is_optional
find_interfaces_by_option find_interfaces_by_option
find_interfaces_by_option1
get_interface_option get_interface_option
@interfaces ); @interfaces );
@ -170,7 +169,14 @@ sub validate_interfaces_file()
fatal_error "Invalid Interface Name: $interface" if $interface =~ /:|^\+$/; fatal_error "Invalid Interface Name: $interface" if $interface =~ /:|^\+$/;
( $interfaces{$interface}{root} = $interface ) =~ s/\+$// ; my $wildcard = 0;
if ( $interface =~ /\+$/ ) {
$wildcard = 1;
$interfaces{$interface}{root} = substr( $interface, 0, -1 );
} else {
$interfaces{$interface}{root} = $interface;
}
warning_message 'Shorewall no longer uses broadcast addresses in rule generation:' . $networks if $networks && $networks ne 'detect'; warning_message 'Shorewall no longer uses broadcast addresses in rule generation:' . $networks if $networks && $networks ne 'detect';
@ -186,18 +192,18 @@ sub validate_interfaces_file()
( $option, my $value ) = split /=/, $option; ( $option, my $value ) = split /=/, $option;
my $type = $validoptions{$option}; fatal_error "Invalid Interface option ($option)" unless my $type = $validoptions{$option};
unless ( $type ) { if ( $type == SIMPLE_IF_OPTION ) {
warning_message("Invalid Interface option ($option) ignored");
} elsif ( $type == SIMPLE_IF_OPTION ) {
fatal_error "Option $option does not take a value" if defined $value; fatal_error "Option $option does not take a value" if defined $value;
$options{$option} = 1; $options{$option} = 1;
} elsif ( $type == BINARY_IF_OPTION ) { } elsif ( $type == BINARY_IF_OPTION ) {
$value = 1 unless defined $value; $value = 1 unless defined $value;
fatal_error "Option value for $option must be 0 or 1" unless ( $value eq '0' || $value eq '1' ); fatal_error "Option value for $option must be 0 or 1" unless ( $value eq '0' || $value eq '1' );
fatal_error "The $option option may not be used with a wild-card interface name" if $wildcard;
$options{$option} = $value; $options{$option} = $value;
} elsif ( $type == ENUM_IF_OPTION ) { } elsif ( $type == ENUM_IF_OPTION ) {
fatal_error "The $option option may not be used with a wild-card interface name" if $wildcard;
if ( $option eq 'arp_filter' ) { if ( $option eq 'arp_filter' ) {
if ( $value =~ /^[1-3,8]$/ ) { if ( $value =~ /^[1-3,8]$/ ) {
$options{arp_filter} = $value; $options{arp_filter} = $value;
@ -278,23 +284,6 @@ sub find_interfaces_by_option( $ ) {
\@ints; \@ints;
} }
#
# Returns reference to array of [ name, value ] pairs for interfaces with the passed option
#
sub find_interfaces_by_option1( $ ) {
my $option = $_[0];
my @ints = ();
for my $interface ( @interfaces ) {
my $optionsref = $interfaces{$interface}{options};
if ( $optionsref && defined $optionsref->{$option} ) {
push @ints , [ $interface, $optionsref->{$option} ]
}
}
\@ints;
}
# #
# Return the value of an option for an interface # Return the value of an option for an interface
# #