Generate error if no ipv4 zones or no interfaces

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7931 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-12-18 23:55:20 +00:00 · 2007-12-18 23:55:20 +00:00 · c58f3c7eca
commit c58f3c7eca
parent de449ad878
4 changed files with 18 additions and 3 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -12,6 +12,8 @@ Changes in 4.1.3

 6)  Add better diagnostic when not running as root.

+7)  Detect lack of interfaces and IPv4 zones.
+
 Changes in 4.1.2

 1)  Enhanced Operational Logging
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -40,6 +40,9 @@ Other changes in Shorewall 4.1.3.
 2)  The error message has been improved when a non-root user attempts
    "shorewall show capabilities".

+3)  Shorewall-perl now generates fatal error conditions when there are
+    no IPv4 zones defined and when there are no interfaces defined.
+
 Migration Issues.

 1)  Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero
--- a/Shorewall-perl/Shorewall/Compiler.pm
+++ b/Shorewall-perl/Shorewall/Compiler.pm
@ -710,7 +710,7 @@ EOF
 sub compiler {

    my ( $objectfile, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity ) = 
-	( '',         '',         -1,          '',          0,      '',       '',   -1 );
+       ( '',          '',         -1,          '',          0,      '',       '',   -1 );

    $export = 0;
    $test   = 0;
@ -725,7 +725,7 @@ sub compiler {
 	 defined($val) && ($val >= -1) && ($val < 3);
     }

-    my %elbat = ( object        => { store => \$objectfile },
+    my %parms = ( object        => { store => \$objectfile },
 		  directory     => { store => \$directory  },
 		  verbosity     => { store => \$verbosity ,    edit => \&edit_verbosity } ,
 		  timestamp     => { store => \$timestamp,     edit => \&edit_boolean   } ,
@ -738,7 +738,7 @@ sub compiler {
 		);
    
    while ( defined ( my $name = shift ) ) {
-	fatal_error "Unknown parameter ($name)" unless my $ref = $elbat{$name};
+	fatal_error "Unknown parameter ($name)" unless my $ref = $parms{$name};
 	fatal_error "Undefined value supplied for parameter $name" unless defined ( my $val = shift ) ;
 	if ( $ref->{edit} ) {
 	    fatal_error "Invalid value ( $val ) supplied for parameter $name" unless $ref->{edit}->($val);
--- a/Shorewall-perl/Shorewall/Zones.pm
+++ b/Shorewall-perl/Shorewall/Zones.pm
@ -234,6 +234,8 @@ sub determine_zones()
 {
    my @z;

+    my $ipv4 = 0;
+
    my $fn = open_file 'zones';

    first_entry "$doing $fn...";
@ -264,6 +266,7 @@ sub determine_zones()

 	if ( $type =~ /ipv4/i ) {
 	    $type = 'ipv4';
+	    $ipv4 = 1;
 	} elsif ( $type =~ /^ipsec4?$/i ) {
 	    $type = 'ipsec4';
 	} elsif ( $type =~ /^bport4?$/i ) {
@ -278,6 +281,7 @@ sub determine_zones()
 	    $type = "firewall";
 	} elsif ( $type eq '-' ) {
 	    $type = 'ipv4';
+	    $ipv4 = 1;
 	} else {
 	    fatal_error "Invalid zone type ($type)" ;
 	}
@ -302,6 +306,7 @@ sub determine_zones()
    }

    fatal_error "No firewall zone defined" unless $firewall_zone;
+    fatal_error "No IPv4 zones defined" unless $ipv4;

    my %ordered;

@ -321,6 +326,7 @@ sub determine_zones()
    }

    fatal_error "Internal error in determine_zones()" unless scalar @zones == scalar @z;
+
 }

 #
@ -750,6 +756,10 @@ sub validate_interfaces_file( $ )

 	push @interfaces, $interface unless $interfaceref->{options}{port};
    }
+    #
+    # Be sure that we have at least one interface
+    #
+    fatal_error "No network interfaces defined" unless @interfaces;
 }

 #