From b7e6b1aa41242c2eb5045e698618dc0f601fb36f Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 7 Oct 2012 17:40:42 -0700 Subject: [PATCH] Allow IP range in the hosts file Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/IPAddrs.pm | 6 +++++- Shorewall/Perl/Shorewall/Zones.pm | 11 +++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm index 7bd1d84be..ca255f7d8 100644 --- a/Shorewall/Perl/Shorewall/IPAddrs.pm +++ b/Shorewall/Perl/Shorewall/IPAddrs.pm @@ -228,6 +228,8 @@ sub validate_4range( $$ ) { my $last = decodeaddr $high; fatal_error "Invalid IP Range ($low-$high)" unless $first <= $last; + + "$low-$high"; } sub validate_4host( $$ ) { @@ -690,11 +692,13 @@ sub validate_6range( $$ ) { while ( @low ) { my ( $l, $h) = ( shift @low, shift @high ); next if hex "0x$l" == hex "0x$h"; - return 1 if hex "0x$l" < hex "0x$h"; + return "$low-$high" if hex "0x$l" < hex "0x$h"; last; } fatal_error "Invalid IPv6 Range ($low-$high)"; + + } sub validate_6host( $$ ) { diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index a803a2ff2..3b07f16a0 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -763,8 +763,6 @@ sub add_group_to_zone($$$$$) $new = \@exclusions; } - $host = validate_net( $host, 1 ) unless $host =~ /^\+/; - unless ( $switched ) { if ( $type == $zonetype ) { fatal_error "Duplicate Host Group ($interface:$host) in zone $zone" if $interfaces{$interface}{zone} eq $zone; @@ -787,7 +785,7 @@ sub add_group_to_zone($$$$$) fatal_error "Invalid ipset name ($host)" unless $host =~ /^\+(6_)?[a-zA-Z][-\w]*$/; require_capability( 'IPSET_MATCH', 'Ipset names in host lists', ''); } else { - validate_host $host, 0; + $host = validate_host $host, 0; } push @$new, $host; @@ -1819,9 +1817,10 @@ sub process_host( ) { } else { fatal_error "Invalid HOST(S) column contents: $hosts"; } - } elsif ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>$/ || - $hosts =~ /^([\w.@%-]+\+?):\[(.*)\]$/ || - $hosts =~ /^([\w.@%-]+\+?):(\[.+\](?:\/\d+)?)$/ || + } elsif ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>$/ || + $hosts =~ /^([\w.@%-]+\+?)\[(.*)\]$/ || + $hosts =~ /^([\w.@%-]+\+?):(!?\[.+\](?:\/\d+)?)$/ || + $hosts =~ /^([\w.@%-]+\+?):(!?\+.*)$/ || $hosts =~ /^([\w.@%-]+\+?):(dynamic)$/ ) { $interface = $1; $hosts = $2;