holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix bug reported by Steven Springl

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8231 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-02-24 17:05:27 +00:00
parent 131acd8e1f
commit aec4134aa1
4 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall-perl/Shorewall/Chains.pm
View File

@ -1824,9 +1824,8 @@ sub expand_rule( $$$$$$$$$$ )
# ADDRESS 'detect' in the masq file. # ADDRESS 'detect' in the masq file.
# #
fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface ); fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface );
add_command( $chainref , 'for dest in ' . get_interface_addresses( $diface) . '; do' ); push_command( $chainref , 'for dest in ' . get_interface_addresses( $diface) . '; do', 'done' );
$rule .= '-d $dest '; $rule .= '-d $dest ';
incr_cmd_level $chainref;
} else { } else {
fatal_error "Bridge Port ($diface) not allowed in OUTPUT or POSTROUTING rules" if ( $restriction & ( POSTROUTE_RESTRICT + OUTPUT_RESTRICT ) ) && port_to_bridge( $diface ); fatal_error "Bridge Port ($diface) not allowed in OUTPUT or POSTROUTING rules" if ( $restriction & ( POSTROUTE_RESTRICT + OUTPUT_RESTRICT ) ) && port_to_bridge( $diface );
fatal_error "Destination Interface ($diface) not allowed when the destination zone is the firewall zone" if $restriction & INPUT_RESTRICT; fatal_error "Destination Interface ($diface) not allowed when the destination zone is the firewall zone" if $restriction & INPUT_RESTRICT;

6
Shorewall-perl/Shorewall/IPAddrs.pm
View File

@ -177,13 +177,13 @@ sub ip_range_explicit( $ ) {
@result; @result;
} }
sub validate_host( $ ) { sub validate_host( $$ ) {
my $host = $_[0]; my ( $host, $allow_name ) = $_[0];
if ( $host =~ /^(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ) { if ( $host =~ /^(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ) {
validate_range $1, $2; validate_range $1, $2;
} else { } else {
validate_net( $host, 0 ); validate_net( $host, $allow_name );
} }
} }

6
Shorewall-perl/Shorewall/Rules.pm
View File

@ -177,7 +177,7 @@ sub setup_ecn()
$hosts = ALLIPv4 if $hosts eq '-'; $hosts = ALLIPv4 if $hosts eq '-';
for my $host( split_list $hosts, 'address' ) { for my $host( split_list $hosts, 'address' ) {
validate_net( $host , 1 ); validate_host( $host , 1 );
push @hosts, [ $interface, $host ]; push @hosts, [ $interface, $host ];
} }
} }
@ -358,7 +358,7 @@ sub process_criticalhosts() {
my @hosts; my @hosts;
for my $host ( split_list $hosts, 'host' ) { for my $host ( split_list $hosts, 'host' ) {
validate_net $host, 1; validate_host $host, 1;
push @hosts, "$interface:$host"; push @hosts, "$interface:$host";
} }
@ -399,7 +399,7 @@ sub process_routestopped() {
my @hosts; my @hosts;
for my $host ( split /,/, $hosts ) { for my $host ( split /,/, $hosts ) {
validate_net $host, 1; validate_host $host, 1;
push @hosts, "$interface:$host"; push @hosts, "$interface:$host";
} }

2
Shorewall-perl/Shorewall/Zones.pm
View File

@ -488,7 +488,7 @@ sub add_group_to_zone($$$$$)
if ( substr( $host, 0, 1 ) eq '+' ) { if ( substr( $host, 0, 1 ) eq '+' ) {
fatal_error "Invalid ipset name ($host)" unless $host =~ /^\+[a-zA-Z]\w*$/; fatal_error "Invalid ipset name ($host)" unless $host =~ /^\+[a-zA-Z]\w*$/;
} else { } else {
validate_host $host; validate_host $host, 0;
} }
push @$new, $switched ? "$interface:$host" : $host; push @$new, $switched ? "$interface:$host" : $host;