holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Reject long CC lists.

Browse Source 
- include offending CC in 'Invalid or Unknown' error

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-05-19 12:44:24 -07:00
parent f0a3e1652a
commit db96f6ead2
1 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -5176,9 +5176,13 @@ sub match_source_net( $;$\$ ) {
fatal_error "A countrycode list may not be used in this context" if $restriction & ( OUTPUT_RESTRICT | POSTROUTE_RESTRICT );
require_capability 'GEOIP_MATCH', 'A country-code', '';
my @countries = split_list $2, 'cc';
fatal_error "Too many Country Codes ($2)" if @countries > 15;
for ( split_list $2, 'cc' ) {
fatal_error "Unknown or invalid Country Code" unless $isocodes{$_};
for ( @countries ) {
fatal_error "Unknown or invalid Country Code ($_)" unless $isocodes{$_};
}
return join( '', '-m geoip ', $1 ? '! ' : '', '--src-cc ', $2 , ' ');
@ -5243,8 +5247,12 @@ sub imatch_source_net( $;$\$ ) {
require_capability 'GEOIP_MATCH', 'A country-code', '';
for ( split_list $2, 'cc' ) {
fatal_error "Unknown or invalid Country Code" unless $isocodes{$_};
my @countries = split_list $2, 'cc';
fatal_error "Too many Country Codes ($2)" if @countries > 15;
for ( @countries ) {
fatal_error "Unknown or invalid Country Code ($_)" unless $isocodes{$_};
}
return ( geoip => , join( '', $1 ? '! ' : '', '--src-cc ', $2 ) );
@ -5306,8 +5314,12 @@ sub match_dest_net( $;$ ) {
require_capability 'GEOIP_MATCH', 'A country-code', '';
for ( split_list $2, 'cc' ) {
fatal_error "Unknown or invalid Country Code" unless $isocodes{$_};
my @countries = split_list $2, 'cc';
fatal_error "Too many Country Codes ($2)" if @countries > 15;
for ( @countries ) {
fatal_error "Unknown or invalid Country Code ($_)" unless $isocodes{$_};
}
return join( '', '-m geoip ', $1 ? '! ' : '', '--dst-cc ', $2, ' ' );
@ -5367,8 +5379,12 @@ sub imatch_dest_net( $;$ ) {
require_capability 'GEOIP_MATCH', 'A country-code', '';
for ( split_list $2, 'cc' ) {
fatal_error "Unknown or invalid Country Code" unless $isocodes{$_};
my @countries = split_list $2, 'cc';
fatal_error "Too many Country Codes ($2)" if @countries > 15;
for ( @countries ) {
fatal_error "Unknown or invalid Country Code ($_)" unless $isocodes{$_};
}
return ( geoip => , join( '', $1 ? '! ' : '', '--dst-cc ', $2 ) );