firewall: do not produce 0.0.0.0/0 if a symbolic masq_src or masq_dest is given but does not resolve to an ip

SVN-Revision: 28628
This commit is contained in:
Jo-Philipp Wich 2011-10-27 18:14:55 +00:00
parent 69853cc4e8
commit c7ac1b5b0c
3 changed files with 7 additions and 4 deletions

View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall PKG_NAME:=firewall
PKG_VERSION:=2 PKG_VERSION:=2
PKG_RELEASE:=39 PKG_RELEASE:=40
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk

View file

@ -247,13 +247,13 @@ fw_load_zone() {
for msrc in ${zone_masq_src:-0.0.0.0/0}; do for msrc in ${zone_masq_src:-0.0.0.0/0}; do
case "$msrc" in case "$msrc" in
*.*) fw_get_negation msrc '-s' "$msrc" ;; *.*) fw_get_negation msrc '-s' "$msrc" ;;
*) fw_get_subnet4 msrc '-s' "$msrc" ;; *) fw_get_subnet4 msrc '-s' "$msrc" || break ;;
esac esac
for mdst in ${zone_masq_dest:-0.0.0.0/0}; do for mdst in ${zone_masq_dest:-0.0.0.0/0}; do
case "$mdst" in case "$mdst" in
*.*) fw_get_negation mdst '-d' "$mdst" ;; *.*) fw_get_negation mdst '-d' "$mdst" ;;
*) fw_get_subnet4 mdst '-d' "$mdst" ;; *) fw_get_subnet4 mdst '-d' "$mdst" || break ;;
esac esac
fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst } fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst }

View file

@ -255,9 +255,12 @@ fw_get_subnet4() {
[ "${_name#!}" != "$_name" ] && \ [ "${_name#!}" != "$_name" ] && \
export -n -- "$_var=! $_flag $_ipaddr/${_netmask:-255.255.255.255}" || \ export -n -- "$_var=! $_flag $_ipaddr/${_netmask:-255.255.255.255}" || \
export -n -- "$_var=$_flag $_ipaddr/${_netmask:-255.255.255.255}" export -n -- "$_var=$_flag $_ipaddr/${_netmask:-255.255.255.255}"
return 0
;; ;;
*) export -n -- "$_var=" ;;
esac esac
export -n -- "$_var="
return 1
} }
fw_check_icmptype4() { fw_check_icmptype4() {