holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Disallow wildcard interfaces in additional contexts

Browse Source
This commit is contained in:
Tom Eastep 2010-12-19 10:46:35 -08:00
parent 54c57e3bc7
commit c302e82233
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -3534,6 +3534,7 @@ sub expand_rule( $$$$$$$$$$;$ )
# An interface in the SOURCE column of a masq file
#
fatal_error "Bridge ports may not appear in the SOURCE column of this file" if port_to_bridge( $iiface );
fatal_error "A wildcard interface ( $iiface) is not allowed in this context" if $iiface =~ /\+$/;
if ( $table eq 'nat' ) {
warning_message qq(Using an interface as the masq SOURCE requires the interface to be up and configured when $Product starts/restarts) unless $idiotcount++;
@ -3625,6 +3626,7 @@ sub expand_rule( $$$$$$$$$$;$ )
#
fatal_error "A DEST interface is not permitted in the PREROUTING chain" if $restriction & DESTIFACE_DISALLOW;
fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface );
fatal_error "A wildcard interface ($diface) is not allowed in this context" if $diface =~ /\+$/;
push_command( $chainref , 'for dest in ' . get_interface_nets( $diface) . '; do', 'done' );
$rule .= '-d $dest ';
} else {