Generate error if no ipv4 zones or no interfaces

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7931 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-12-18 23:55:20 +00:00
parent de449ad878
commit c58f3c7eca
4 changed files with 18 additions and 3 deletions


@ -12,6 +12,8 @@ Changes in 4.1.3
6) Add better diagnostic when not running as root. 6) Add better diagnostic when not running as root.
7) Detect lack of interfaces and IPv4 zones.
Changes in 4.1.2 Changes in 4.1.2
1) Enhanced Operational Logging 1) Enhanced Operational Logging


@ -40,6 +40,9 @@ Other changes in Shorewall 4.1.3.
2) The error message has been improved when a non-root user attempts 2) The error message has been improved when a non-root user attempts
"shorewall show capabilities". "shorewall show capabilities".
3) Shorewall-perl now generates fatal error conditions when there are
no IPv4 zones defined and when there are no interfaces defined.
Migration Issues. Migration Issues.
1) Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero 1) Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero


@ -710,7 +710,7 @@ EOF
sub compiler { sub compiler {
my ( $objectfile, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity ) = my ( $objectfile, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity ) =
( '', '', -1, '', 0, '', '', -1 ); ( '', '', -1, '', 0, '', '', -1 );
$export = 0; $export = 0;
$test = 0; $test = 0;
@ -725,7 +725,7 @@ sub compiler {
defined($val) && ($val >= -1) && ($val < 3); defined($val) && ($val >= -1) && ($val < 3);
} }
my %elbat = ( object => { store => \$objectfile }, my %parms = ( object => { store => \$objectfile },
directory => { store => \$directory }, directory => { store => \$directory },
verbosity => { store => \$verbosity , edit => \&edit_verbosity } , verbosity => { store => \$verbosity , edit => \&edit_verbosity } ,
timestamp => { store => \$timestamp, edit => \&edit_boolean } , timestamp => { store => \$timestamp, edit => \&edit_boolean } ,
@ -738,7 +738,7 @@ sub compiler {
); );
while ( defined ( my $name = shift ) ) { while ( defined ( my $name = shift ) ) {
fatal_error "Unknown parameter ($name)" unless my $ref = $elbat{$name}; fatal_error "Unknown parameter ($name)" unless my $ref = $parms{$name};
fatal_error "Undefined value supplied for parameter $name" unless defined ( my $val = shift ) ; fatal_error "Undefined value supplied for parameter $name" unless defined ( my $val = shift ) ;
if ( $ref->{edit} ) { if ( $ref->{edit} ) {
fatal_error "Invalid value ( $val ) supplied for parameter $name" unless $ref->{edit}->($val); fatal_error "Invalid value ( $val ) supplied for parameter $name" unless $ref->{edit}->($val);


@ -234,6 +234,8 @@ sub determine_zones()
{ {
my @z; my @z;
my $ipv4 = 0;
my $fn = open_file 'zones'; my $fn = open_file 'zones';
first_entry "$doing $fn..."; first_entry "$doing $fn...";
@ -264,6 +266,7 @@ sub determine_zones()
if ( $type =~ /ipv4/i ) { if ( $type =~ /ipv4/i ) {
$type = 'ipv4'; $type = 'ipv4';
$ipv4 = 1;
} elsif ( $type =~ /^ipsec4?$/i ) { } elsif ( $type =~ /^ipsec4?$/i ) {
$type = 'ipsec4'; $type = 'ipsec4';
} elsif ( $type =~ /^bport4?$/i ) { } elsif ( $type =~ /^bport4?$/i ) {
@ -278,6 +281,7 @@ sub determine_zones()
$type = "firewall"; $type = "firewall";
} elsif ( $type eq '-' ) { } elsif ( $type eq '-' ) {
$type = 'ipv4'; $type = 'ipv4';
$ipv4 = 1;
} else { } else {
fatal_error "Invalid zone type ($type)" ; fatal_error "Invalid zone type ($type)" ;
} }
@ -302,6 +306,7 @@ sub determine_zones()
} }
fatal_error "No firewall zone defined" unless $firewall_zone; fatal_error "No firewall zone defined" unless $firewall_zone;
fatal_error "No IPv4 zones defined" unless $ipv4;
my %ordered; my %ordered;
@ -321,6 +326,7 @@ sub determine_zones()
} }
fatal_error "Internal error in determine_zones()" unless scalar @zones == scalar @z; fatal_error "Internal error in determine_zones()" unless scalar @zones == scalar @z;
} }
# #
@ -750,6 +756,10 @@ sub validate_interfaces_file( $ )
push @interfaces, $interface unless $interfaceref->{options}{port}; push @interfaces, $interface unless $interfaceref->{options}{port};
} }
#
# Be sure that we have at least one interface
#
fatal_error "No network interfaces defined" unless @interfaces;
} }
# #
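Review bot: The new `$ipv4 = 1;` in the `determine_zones()` hunk at -264 sits under `if ( $type =~ /ipv4/i )`, which is unanchored, unlike the `/^ipsec4?$/i` and `/^bport4?$/i` tests beside it. Any TYPE value that merely contains "ipv4" is therefore normalised to `ipv4` and also satisfies the new "No IPv4 zones defined" check, so a mistyped zone type is compiled into the ruleset instead of reaching `fatal_error "Invalid zone type ($type)"`. I would anchor the test as `if ( $type =~ /^ipv4$/i ) {`. The body of `determine_zones()` extends beyond the hunks shown, so confirm that nothing earlier already normalises `$type`.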