Correct handling of port ranges and port variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
57f7cb4f3c
commit
b1ba05db2b
@ -885,7 +885,10 @@ sub validate_portpair( $$ ) {
|
|||||||
|
|
||||||
if ( @ports == 2 ) {
|
if ( @ports == 2 ) {
|
||||||
$what = 'port range';
|
$what = 'port range';
|
||||||
|
|
||||||
|
unless ($ports[0] =~ /^\$/ || $ports[1] =~ /^\$/ ) {
|
||||||
fatal_error "Invalid port range ($portpair)" unless $ports[0] < $ports[1];
|
fatal_error "Invalid port range ($portpair)" unless $ports[0] < $ports[1];
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$what = 'port';
|
$what = 'port';
|
||||||
}
|
}
|
||||||
@ -917,7 +920,10 @@ sub validate_portpair1( $$ ) {
|
|||||||
|
|
||||||
if ( @ports == 2 ) {
|
if ( @ports == 2 ) {
|
||||||
$what = 'port range';
|
$what = 'port range';
|
||||||
|
|
||||||
|
unless ($ports[0] =~ /^\$/ || $ports[1] =~ /^\$/ ) {
|
||||||
fatal_error "Invalid port range ($portpair)" unless $ports[0] && $ports[0] < $ports[1];
|
fatal_error "Invalid port range ($portpair)" unless $ports[0] && $ports[0] < $ports[1];
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$what = 'port';
|
$what = 'port';
|
||||||
fatal_error 'Invalid port number (0)' unless $portpair;
|
fatal_error 'Invalid port number (0)' unless $portpair;
|
||||||
|
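Review bot: In the validate_portpair1 hunk the new `unless ($ports[0] =~ /^\$/ || $ports[1] =~ /^\$/ )` guard also skips the `$ports[0] &&` zero test, so a literal `0` low end paired with a variable high end is no longer rejected at this point. Keep the zero test outside the guard, e.g. `fatal_error "Invalid port range ($portpair)" unless $ports[0];` placed before the `unless`, leaving only `$ports[0] < $ports[1]` inside it; a `$name` string is true in Perl, so variables still pass. Both this hunk and the validate_portpair hunk would also benefit from a comment such as `# A run-time port variable has no value at compile time, so the ordering of the range cannot be checked here`, because the documentation added by this commit writes the variables as `%{variable}` while the code tests for a leading `$`. Both subs begin and end outside the visible hunks, so a later check may already cover the zero case; that should be confirmed against the full function.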
@ -1903,6 +1903,39 @@ SSH(ACCEPT) net:$MYIP $FW
|
|||||||
the intefaces's run-time gateway variable are omitted.</para>
|
the intefaces's run-time gateway variable are omitted.</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section id="Port_Variables">
|
||||||
|
<title>Port Variables</title>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 5.1.5, <firstterm>Run-time Port
|
||||||
|
Variables</firstterm> are supported. These variables have the format
|
||||||
|
%{<replaceable>variable</replaceable>} and may appear any place that a
|
||||||
|
port number or service name may appear. Like their address-variable
|
||||||
|
counterparts above, Run-time Port Variables are most useful when
|
||||||
|
Shorewall[6]-lite is being used.</para>
|
||||||
|
|
||||||
|
<para>Example using both Run-time Address and Run-time Port
|
||||||
|
Variables:</para>
|
||||||
|
|
||||||
|
<para>/etc/shorewall/init:</para>
|
||||||
|
|
||||||
|
<programlisting> SERVER_PORT=4126
|
||||||
|
SERVER_ADDRESS=192.0.44.12</programlisting>
|
||||||
|
|
||||||
|
<para>/etc/shorewall/rules:</para>
|
||||||
|
|
||||||
|
<programlisting> ACCEPT net dmz:%{SERVER_ADDRESS} tcp %{SERVER_PORT}</programlisting>
|
||||||
|
|
||||||
|
<para>Rather than assigning a numerical literal to SERVER_PORT in the
|
||||||
|
<filename>init</filename> extension script as shown above, the variable
|
||||||
|
could be assigned a dynamic value based on a database lookup.</para>
|
||||||
|
|
||||||
|
<important>
|
||||||
|
<para>If no value is assigned to a Run-time Port Variable in the
|
||||||
|
<filename>init</filename> extension script, then the value 255 is
|
||||||
|
assumed.</para>
|
||||||
|
</important>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section id="ActionVariables">
|
<section id="ActionVariables">
|
||||||
<title>Action Variables</title>
|
<title>Action Variables</title>
|
||||||
|
|
||||||
|