From f88241a6f1c38ef7d9c12da153e02ee76f31bd18 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 26 Sep 2003 21:34:16 +0000 Subject: [PATCH] Fix rules file processing with missing policy git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@747 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 2 ++ Shorewall/firewall | 3 +++ Shorewall/releasenotes.txt | 10 ++++++++++ 3 files changed, 15 insertions(+) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index fdb1e74fb..8739e1b8a 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -83,3 +83,5 @@ Changes since 1.4.6 36) Extend USER SET column in /etc/shorewall/rules to allow user:group. 37) Reword error message to avoid the word 'illegal'. + +38) Avoid shell error when there is no policy corresponding to a rule. diff --git a/Shorewall/firewall b/Shorewall/firewall index 653b8d1fe..c10baec99 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -2732,6 +2732,9 @@ process_rule() # $1 = target eval policy=\$${chain}_policy + [ -z "$policy" ] && \ + fatal_error "No policy defined from zone $source to zone $dest" + [ $policy = NONE ] && \ fatal_error "Rules may not override a NONE policy: rule \"$rule\"" diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 2906840f3..725793169 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -57,6 +57,16 @@ Problems Corrected since version 1.4.6: 13) The documentation of the USERSETS column in the rules file has been corrected. +14) If there is no policy defined for the zones specified in a rule, + the firewall script previously encountered a shell syntax error: + + [: NONE: unexpected operator + + Now, the absence of a policy generates an error message and the + firewall is stopped: + + No policy defined from zone to zone + Migration Issues: 1) IP Traffic Accounting is changed from Snapshot 20030813.
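Review bot: In the Shorewall/firewall hunk, the new `fatal_error` names the two zones but not the offending rule, unlike the NONE-policy check directly below it, which appends `rule \"$rule\"`. An operator with a long rules file then has to search for the zone pair by hand; consider `fatal_error "No policy defined from zone $source to zone $dest: rule \"$rule\""`. Separately, the following test still expands `$policy` unquoted, so it stays correct only while this guard runs first. Writing it as `[ "$policy" = NONE ]` would make that line safe on its own if the checks are ever reordered or the guard is removed. process_rule() starts and ends outside the hunk, so how `$source` and `$dest` are populated at this point is not visible here.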