Insure uniqueness of physical names; use logical name when constructing the name of a chain
parent
4e2f2923b6
commit
c9e57c93a2
@ -673,7 +673,7 @@ sub chain_base($) {
|
||||
#
|
||||
sub forward_chain($)
|
||||
{
|
||||
get_physical( $_[0] ) . '_fwd';
|
||||
$_[0] . '_fwd';
|
||||
}
|
||||
|
||||
#
|
||||
@ -709,7 +709,7 @@ sub use_forward_chain($) {
|
||||
#
|
||||
sub input_chain($)
|
||||
{
|
||||
get_physical( $_[0] ) . '_in';
|
||||
$_[0] . '_in';
|
||||
}
|
||||
|
||||
#
|
||||
@ -767,7 +767,7 @@ sub use_input_chain($) {
|
||||
#
|
||||
sub output_chain($)
|
||||
{
|
||||
get_physical( $_[0] ) . '_out';
|
||||
$_[0] . '_out';
|
||||
}
|
||||
|
||||
#
|
||||
@ -811,7 +811,7 @@ sub use_output_chain($) {
|
||||
#
|
||||
sub masq_chain($)
|
||||
{
|
||||
get_physical( $_[0] ) . '_masq';
|
||||
$_[0] . '_masq';
|
||||
}
|
||||
|
||||
#
|
||||
@ -826,7 +826,7 @@ sub syn_flood_chain ( $ ) {
|
||||
#
|
||||
sub mac_chain( $ )
|
||||
{
|
||||
get_physical( $_[0] ) . '_mac';
|
||||
$_[0] . '_mac';
|
||||
}
|
||||
|
||||
sub macrecent_target($)
|
||||
@ -871,7 +871,7 @@ sub ecn_chain( $ )
|
||||
#
|
||||
sub first_chains( $ ) #$1 = interface
|
||||
{
|
||||
my $c = get_physical $_[0];
|
||||
my $c = $_[0];
|
||||
|
||||
( $c . '_fwd', $c . '_in' );
|
||||
}
|
||||
|
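Review bot: The chain-name helpers now append their suffix straight to the caller-supplied logical name (`$_[0] . '_fwd'`, and the same in input_chain, output_chain, masq_chain, mac_chain and first_chains), and nothing in these hunks shows that name being checked for length or character set before it becomes a chain name. A physical name is bounded by what the kernel accepts for a device, whereas a logical name is free-form configuration text, so it is worth confirming that interface parsing rejects a logical name that, with `_masq` appended, is no longer a valid chain name. Any call site outside this page that still passes a physical name would now build a different chain name from the rest of the compiler, which would presumably leave rules in a chain nothing jumps to. To make the contract visible, the comment on first_chains could become `#$1 = logical interface name`, and the header comments of the other five helpers (which start outside the hunks) could say the same.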
@ -154,6 +154,7 @@ our @interfaces;
|
||||
our %interfaces;
|
||||
our @bport_zones;
|
||||
our %ipsets;
|
||||
our %physical;
|
||||
our $family;
|
||||
|
||||
use constant { FIREWALL => 1,
|
||||
@ -199,6 +200,7 @@ sub initialize( $ ) {
|
||||
%interfaces = ();
|
||||
@bport_zones = ();
|
||||
%ipsets = ();
|
||||
%physical = ();
|
||||
|
||||
if ( $family == F_IPV4 ) {
|
||||
%validinterfaceoptions = (arp_filter => BINARY_IF_OPTION,
|
||||
@ -895,7 +897,13 @@ sub process_interface( $ ) {
|
||||
|
||||
if ( $option eq 'physical' ) {
|
||||
fatal_error "Invalid Physical interface name ($value)" unless $value =~ /^[\w.@%-]+\+?$/;
|
||||
fatal_error "The 'physical' option is only allowed on bridge ports" unless $port || $config{LOGICAL_NAMES};
|
||||
|
||||
unless ( $port ) {
|
||||
fatal_error "The 'physical' option is only allowed on bridge ports" unless $config{LOGICAL_NAMES};
|
||||
fatal_error "Duplicate physical interface name ($value)" if $physical{$value};
|
||||
}
|
||||
|
||||
$physical{$value} = 1;
|
||||
my $wildphy = $value =~ /\+$/ ? 1 : 0;
|
||||
fatal_error "The type of 'physical' name ($value) doesn't match the type of interface name ($interface)" unless $wildphy == $wildcard;
|
||||
$physical = $value;
|
||||
|
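Review bot: The duplicate test sits inside `unless ( $port )` while `$physical{$value} = 1;` runs for every interface, so the outcome depends on declaration order: a bridge port that reuses an already recorded physical name is accepted, but a non-port interface declared after that port is rejected with "Duplicate physical interface name". If ports are meant to be exempt, recording only non-ports (`$physical{$value} = 1 unless $port;`) would make that consistent; if they are not, the check should move out of the `unless` block. From the visible lines, an interface with no `physical` option is never entered in `%physical`, so `physical=X` on one entry and a plain interface named X on another would not be caught unless the default name is recorded elsewhere. Two logical interfaces resolving to the same device make it ambiguous which interface's chains a packet traverses, so the rule is worth stating in a comment above the block. The body of process_interface continues outside this hunk.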