From e21ff03339068a7726d3d2bc83b2d7c9188a0759 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 9 Jul 2011 16:16:28 -0700
Subject: [PATCH] Fix ipsets in IPv6 hosts file
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Zones.pm | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index eeffddda5..9d1ca063e 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -1725,26 +1725,28 @@ sub process_host( ) { if ( $hosts =~ /^([\w.@%-]+\+?):(.*)$/ ) { $interface = $1; $hosts = $2; - - if ( $hosts =~ /^\+/ ) { - $zoneref->{options}{complex} = 1; - fatal_error "ipset name qualification is disallowed in this file" if $hosts =~ /[\[\]]/; - fatal_error "Invalid ipset name ($hosts)" unless $hosts =~ /^\+[a-zA-Z][-\w]*$/; - } - fatal_error "Unknown interface ($interface)" unless ($interfaceref = $interfaces{$interface}) && $interfaceref->{root}; } else { fatal_error "Invalid HOST(S) column contents: $hosts"; } - } elsif ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>\s*$/ || $hosts =~ /^([\w.@%-]+\+?):\[(.*)\]\s*$/ || $hosts =~ /^([\w.@%-]+\+?):(dynamic)\s*$/ ) { + } elsif ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>$/ || + $hosts =~ /^([\w.@%-]+\+?):\[(.*)\]$/ || + $hosts =~ /^([\w.@%-]+\+?):(\+.*)$/ || + $hosts =~ /^([\w.@%-]+\+?):(dynamic)$/ ) { $interface = $1; $hosts = $2; - $zoneref->{options}{complex} = 1 if $hosts =~ /^\+/; + fatal_error "Unknown interface ($interface)" unless ($interfaceref = $interfaces{$interface})->{root}; } else { fatal_error "Invalid HOST(S) column contents: $hosts" } + if ( $hosts =~ /^\+/ ) { + $zoneref->{options}{complex} = 1; + fatal_error "ipset name qualification is disallowed in this file" if $hosts =~ /[\[\]]/; + fatal_error "Invalid ipset name ($hosts)" unless $hosts =~ /^\+[a-zA-Z][-\w]*$/; + } + if ( $type == BPORT ) { if ( $zoneref->{bridge} eq '' ) { fatal_error 'Bridge Port Zones may only be associated with bridge ports' unless $interfaceref->{options}{port};
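Review bot: The relocated ipset block after the family-specific branches is gated on `$hosts =~ /^\+/`, so it only validates a HOST(S) value whose first character is `+`. An ipset that appears later in a comma-separated value (the IPv4 branch captures `(.*)`, the IPv6 branches `<(.*)>` and `\[(.*)\]`) passes this block without the `[...]` qualification check, without the name check, and without `complex` being set. Whether a later stage validates list members cannot be seen here, because process_host starts before the hunk and continues past it. If a list containing an ipset is not meant to be accepted, a guard next to the new block such as `fatal_error "Invalid HOST(S) column contents: $hosts" if $hosts =~ /,\+/;` would make that explicit. The name pattern could also be anchored with `\z` instead of `$`, which still accepts a trailing newline, since the name is presumably carried into the generated rules.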