From ece598288f3bb572f162024344669e2843e097f4 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 21 Jun 2011 21:00:08 -0700
Subject: [PATCH] Disallow DEFAULTS in the rules file

---
 Shorewall/Perl/Shorewall/Rules.pm | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 9e6ef08e1..cf18b9b86 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2373,11 +2373,20 @@ sub process_rule ( ) {
     #
     process_section( 'NEW' ) unless $section;
 
+    if ( $target eq 'DEFAULTS' ) {
+	if ( @actionstack ) {
+	    default_action_params( split_list $source, 'defaults' );
+	    next;
+	}	
+	
+	fatal_error "DEFAULTS is only allowed in an ACTION file";
+    }
+
     if ( $source =~ /^none(:.*)?$/i || $dest =~ /^none(:.*)?$/i ) {
 	progress_message "Rule \"$currentline\" ignored.";
 	return 1;
     }
-
+    
     my $intrazone = 0;
     my $wild      = 0;
     my $thisline  = $currentline; #We must save $currentline because it is overwritten by macro expansion