holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Ensure USER/GROUP is only specified when SOURCE in $FW

Browse Source
This commit is contained in:
Tom Eastep 2011-05-08 05:58:37 -07:00
parent 359de906ca
commit bbab1c9682
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1751,6 +1751,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
fatal_error "Missing source zone" if $sourcezone eq '-' || $sourcezone =~ /^:/; fatal_error "Missing source zone" if $sourcezone eq '-' || $sourcezone =~ /^:/;
fatal_error "Unknown source zone ($sourcezone)" unless $sourceref = defined_zone( $sourcezone ); fatal_error "Unknown source zone ($sourcezone)" unless $sourceref = defined_zone( $sourcezone );
fatal_error 'USER/GROUP may only be specified when the SOURCE zone is $FW' unless $user eq '-' || $sourcezone eq firewall_zone;
} }
if ( $actiontype & NATONLY ) { if ( $actiontype & NATONLY ) {

2
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -406,6 +406,8 @@ sub process_tc_rule( ) {
} }
} }
fatal_error "USER/GROUP only allowed in the OUTPUT chain" unless ( $user eq '-' || $chain eq 'tcout' );
if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) , if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) ,
$restrictions{$chain} | $restriction, $restrictions{$chain} | $restriction,
do_proto( $proto, $ports, $sports) . do_proto( $proto, $ports, $sports) .