Cary this to the nth degree

2011-02-08 19:06:17 -08:00 · 2011-02-08 19:06:17 -08:00 · c15eeefff0
commit c15eeefff0
parent e99d177d50
1 changed files with 6 additions and 2 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -312,6 +312,8 @@ our %interfacegateways;     # Gateway of default route out of the interface
 #
 our @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING);

+our %builtins;
+
 #
 # Mode of the emitter (part of this module that converts rules in the chain table into iptables-restore input)
 #
@ -397,6 +399,8 @@ sub initialize( $ ) {
    %interfaceacasts    = ();
    %interfacegateways  = ();

+    $builtins{$_} = 1 for @builtins;
+
    $global_variables   = 0;
    $idiotcount         = 0;
    $idiotcount1        = 0;
@ -1270,7 +1274,7 @@ sub ensure_accounting_chain( $$ )
 	fatal_error "Non-accounting chain ($chain) used in an accounting rule" unless $chainref->{accounting};
    } else {
 	fatal_error "Chain name ($chain) too long" if length $chain > 29;
-	fatal_error "Invalid Chain name ($chain)" if $builtin_target{$chain} || ! $chain =~ /^[-\w]+$/;
+	fatal_error "Invalid Chain name ($chain)" if $builtin_target{$chain} || $builtins{$chain} || ! $chain =~ /^[-\w]+$/;
 	$chainref = new_chain 'filter' , $chain;
 	$chainref->{accounting} = 1;
 	$chainref->{referenced} = 1;
@ -1359,7 +1363,7 @@ sub new_nat_chain($) {
 sub new_manual_chain($) {
    my $chain = $_[0];
    fatal_error "Chain name ($chain) too long" if length $chain > 29;
-    fatal_error "Invalid Chain name ($chain)" if $builtin_target{$chain} || ! $chain =~ /^[-\w]+$/;
+    fatal_error "Invalid Chain name ($chain)" if $builtin_target{$chain} || $builtins{$chain} || ! $chain =~ /^[-\w]+$/;
    fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} || $filter_table->{$chain};
    $targets{$chain} = CHAIN;
    ( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1;