Insure uniqueness of physical names; use logical name when constructing the name of a chain

Tom Eastep 2009-11-10 07:24:14 -08:00
parent 4e2f2923b6
commit c9e57c93a2
2 changed files with 15 additions and 7 deletions


@ -673,7 +673,7 @@ sub chain_base($) {
# #
sub forward_chain($) sub forward_chain($)
{ {
get_physical( $_[0] ) . '_fwd'; $_[0] . '_fwd';
} }
# #
@ -709,7 +709,7 @@ sub use_forward_chain($) {
# #
sub input_chain($) sub input_chain($)
{ {
get_physical( $_[0] ) . '_in'; $_[0] . '_in';
} }
# #
@ -767,7 +767,7 @@ sub use_input_chain($) {
# #
sub output_chain($) sub output_chain($)
{ {
get_physical( $_[0] ) . '_out'; $_[0] . '_out';
} }
# #
@ -811,7 +811,7 @@ sub use_output_chain($) {
# #
sub masq_chain($) sub masq_chain($)
{ {
get_physical( $_[0] ) . '_masq'; $_[0] . '_masq';
} }
# #
@ -826,7 +826,7 @@ sub syn_flood_chain ( $ ) {
# #
sub mac_chain( $ ) sub mac_chain( $ )
{ {
get_physical( $_[0] ) . '_mac'; $_[0] . '_mac';
} }
sub macrecent_target($) sub macrecent_target($)
@ -871,7 +871,7 @@ sub ecn_chain( $ )
# #
sub first_chains( $ ) #$1 = interface sub first_chains( $ ) #$1 = interface
{ {
my $c = get_physical $_[0]; my $c = $_[0];
( $c . '_fwd', $c . '_in' ); ( $c . '_fwd', $c . '_in' );
} }
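Review bot: `first_chains` in the last hunk still builds the `_fwd` and `_in` names by hand instead of calling the helpers changed above, which is part of why this commit had to repeat the same edit in six places; `( forward_chain( $_[0] ), input_chain( $_[0] ) );` would keep each suffix defined once. Every function touched here now expects the logical interface name, so the trailing comment `#$1 = interface` would be clearer as `#$1 = logical interface name`, and the same wording belongs in the comment blocks above `forward_chain`, `input_chain`, `output_chain`, `masq_chain` and `mac_chain`. A caller that still passes a physical name would presumably get a chain name that differs from the one derived elsewhere, so rules could end up in a chain nothing jumps to; the `($)` prototype does not catch that, and the callers are outside these hunks.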


@ -154,6 +154,7 @@ our @interfaces;
our %interfaces; our %interfaces;
our @bport_zones; our @bport_zones;
our %ipsets; our %ipsets;
our %physical;
our $family; our $family;
use constant { FIREWALL => 1, use constant { FIREWALL => 1,
@ -199,6 +200,7 @@ sub initialize( $ ) {
%interfaces = (); %interfaces = ();
@bport_zones = (); @bport_zones = ();
%ipsets = (); %ipsets = ();
%physical = ();
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
%validinterfaceoptions = (arp_filter => BINARY_IF_OPTION, %validinterfaceoptions = (arp_filter => BINARY_IF_OPTION,
@ -895,7 +897,13 @@ sub process_interface( $ ) {
if ( $option eq 'physical' ) { if ( $option eq 'physical' ) {
fatal_error "Invalid Physical interface name ($value)" unless $value =~ /^[\w.@%-]+\+?$/; fatal_error "Invalid Physical interface name ($value)" unless $value =~ /^[\w.@%-]+\+?$/;
fatal_error "The 'physical' option is only allowed on bridge ports" unless $port || $config{LOGICAL_NAMES};
unless ( $port ) {
fatal_error "The 'physical' option is only allowed on bridge ports" unless $config{LOGICAL_NAMES};
fatal_error "Duplicate physical interface name ($value)" if $physical{$value};
}
$physical{$value} = 1;
my $wildphy = $value =~ /\+$/ ? 1 : 0; my $wildphy = $value =~ /\+$/ ? 1 : 0;
fatal_error "The type of 'physical' name ($value) doesn't match the type of interface name ($interface)" unless $wildphy == $wildcard; fatal_error "The type of 'physical' name ($value) doesn't match the type of interface name ($interface)" unless $wildphy == $wildcard;
$physical = $value; $physical = $value;
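Review bot: The duplicate test in the `physical` branch of `process_interface` runs only when `$port` is false, yet `$physical{$value} = 1` is recorded for every interface, so the result depends on declaration order: a bridge port followed by a non-port interface with the same physical name is a fatal error, while the reverse order is accepted, as are two ports sharing a name. If ports are meant to be exempt, move the assignment inside the `unless ( $port ) { ... }` block and say so in a comment; otherwise apply `fatal_error "Duplicate physical interface name ($value)" if $physical{$value};` to all interfaces. In a firewall compiler this matters because two logical interfaces resolving to one device leave it ambiguous which interface's rules match the traffic. The hunk also records nothing for interfaces that have no `physical` option, so a `physical` value equal to another interface's plain name may go undetected; the rest of `process_interface` is outside the hunk, so that needs confirming there.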