forked from extern/shorewall_code
Disallow double quotes in COMMENT lines
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6305 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
9fe1d8e260
commit
ba6a5eeb39
@ -426,12 +426,7 @@ sub process_action3( $$$$$ ) {
|
|||||||
my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 1, 8, 'action file';
|
my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 1, 8, 'action file';
|
||||||
|
|
||||||
if ( $target eq 'COMMENT' ) {
|
if ( $target eq 'COMMENT' ) {
|
||||||
if ( $capabilities{COMMENTS} ) {
|
process_comment;
|
||||||
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
|
|
||||||
} else {
|
|
||||||
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
|
|
||||||
}
|
|
||||||
|
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -52,6 +52,7 @@ our @EXPORT = qw( STANDARD
|
|||||||
POSTROUTE_RESTRICT
|
POSTROUTE_RESTRICT
|
||||||
ALL_RESTRICT
|
ALL_RESTRICT
|
||||||
|
|
||||||
|
process_comment
|
||||||
push_cmd_mode
|
push_cmd_mode
|
||||||
pop_cmd_mode
|
pop_cmd_mode
|
||||||
add_command
|
add_command
|
||||||
@ -257,6 +258,17 @@ my $chainseq;
|
|||||||
# Chain reference , Command
|
# Chain reference , Command
|
||||||
#
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
# Process a COMMENT line (in $line)
|
||||||
|
#
|
||||||
|
sub process_comment() {
|
||||||
|
if ( $capabilities{COMMENTS} ) {
|
||||||
|
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
|
||||||
|
fatal_error "COMMENT lines may not contain double quotes" if $comment =~ /"/;
|
||||||
|
} else {
|
||||||
|
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
|
||||||
|
}
|
||||||
|
}
|
||||||
#
|
#
|
||||||
# Functions to manipulate cmdcount
|
# Functions to manipulate cmdcount
|
||||||
#
|
#
|
||||||
|
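Review bot: The test added in process_comment rejects only `"`, so a COMMENT containing a dollar sign, a backquote or a backslash is still accepted. How `$comment` is later emitted is not visible on this page, but if it is written inside a double-quoted string in the generated firewall script, those characters remain active in the shell and the comment text would not be treated as inert data. Consider widening the same check, e.g. `fatal_error "COMMENT lines may not contain double quotes, backquotes, dollar signs or backslashes" if $comment =~ /["\$\\\x60]/;`, or accepting only an explicit allow-list of characters. The header comment could also state that the sub writes the package-level `$comment` as well as reading `$line`, since both are implicit inputs and outputs for the seven call sites this commit converts.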
@ -271,11 +271,7 @@ sub setup_masq()
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $fullinterface eq 'COMMENT' ) {
|
if ( $fullinterface eq 'COMMENT' ) {
|
||||||
if ( $capabilities{COMMENTS} ) {
|
process_comment;
|
||||||
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
|
|
||||||
} else {
|
|
||||||
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
setup_one_masq $fullinterface, $networks, $addresses, $proto, $ports, $ipsec, $mark;
|
setup_one_masq $fullinterface, $networks, $addresses, $proto, $ports, $ipsec, $mark;
|
||||||
}
|
}
|
||||||
@ -384,11 +380,7 @@ sub setup_nat() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $external eq 'COMMENT' ) {
|
if ( $external eq 'COMMENT' ) {
|
||||||
if ( $capabilities{COMMENTS} ) {
|
process_comment;
|
||||||
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
|
|
||||||
} else {
|
|
||||||
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
do_one_nat $external, $interface, $internal, $allints, $localnat;
|
do_one_nat $external, $interface, $internal, $allints, $localnat;
|
||||||
}
|
}
|
||||||
|
@ -699,11 +699,7 @@ sub setup_mac_lists( $ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $disposition eq 'COMMENT' ) {
|
if ( $disposition eq 'COMMENT' ) {
|
||||||
if ( $capabilities{COMMENTS} ) {
|
process_comment;
|
||||||
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
|
|
||||||
} else {
|
|
||||||
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
( $disposition, my $level ) = split /:/, $disposition;
|
( $disposition, my $level ) = split /:/, $disposition;
|
||||||
|
|
||||||
@ -1264,11 +1260,7 @@ sub process_rules() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $target eq 'COMMENT' ) {
|
if ( $target eq 'COMMENT' ) {
|
||||||
if ( $capabilities{COMMENTS} ) {
|
process_comment;
|
||||||
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
|
|
||||||
} else {
|
|
||||||
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
|
|
||||||
}
|
|
||||||
} elsif ( $target eq 'SECTION' ) {
|
} elsif ( $target eq 'SECTION' ) {
|
||||||
fatal_error "Invalid SECTION $source" unless defined $sections{$source};
|
fatal_error "Invalid SECTION $source" unless defined $sections{$source};
|
||||||
fatal_error "Duplicate or out of order SECTION $source" if $sections{$source};
|
fatal_error "Duplicate or out of order SECTION $source" if $sections{$source};
|
||||||
|
@ -533,11 +533,7 @@ sub setup_tc() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $mark eq 'COMMENT' ) {
|
if ( $mark eq 'COMMENT' ) {
|
||||||
if ( $capabilities{COMMENTS} ) {
|
process_comment;
|
||||||
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
|
|
||||||
} else {
|
|
||||||
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
process_tc_rule $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos
|
process_tc_rule $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos
|
||||||
}
|
}
|
||||||
|
@ -263,11 +263,7 @@ sub setup_tunnels() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $kind eq 'COMMENT' ) {
|
if ( $kind eq 'COMMENT' ) {
|
||||||
if ( $capabilities{COMMENTS} ) {
|
process_comment;
|
||||||
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
|
|
||||||
} else {
|
|
||||||
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
setup_one_tunnel $kind, $zone, $gateway, $gatewayzones;
|
setup_one_tunnel $kind, $zone, $gateway, $gatewayzones;
|
||||||
}
|
}
|
||||||
|