On 2/18/11 2:42 PM, Steven Jan Springl wrote:
> Tom
> 
> Is it worth blocking rules file action names accountin, accounting & 
> accountout?
> 
> If rules file action accountin is defined and the following is coded in the 
> accounting file:
> 
> SECTION INPUT
> COUNT
> 
> The following Shorewall message is produced?
> 
> ERROR: accountin is not an accounting chain : /etc/shorewallA/accounting (line 14)
> 

The attached patch should improve things.

Thanks Steven,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm 
b/Shorewall/Perl/Shorewall/Chains.pm
index 134f876..2663166 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -107,6 +107,7 @@ our %EXPORT_TAGS = (
                                       ecn_chain
                                       notrack_chain
                                       first_chains
+                                      reserved_name
                                       find_chain
                                       ensure_chain
                                       ensure_accounting_chain
@@ -1130,6 +1131,12 @@ sub first_chains( $ ) #$1 = interface
     ( $c . '_fwd', $c . '_in' );
 }
 
+sub reserved_name( $ ) {
+    my $chain = shift;
+
+    $builtin_target{$chain} || $config_files{$chain} || $chain =~ 
/^account(?:fwd|in|ing|out)$/;
+}
+
 #
 # Create a new chain and return a reference to it.
 #
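
Review bot: reserved_name() has no header comment, unlike the sub that follows it, and its result is only the implicit value of the last expression. A short comment stating that it returns true for built-in targets, configuration file names and the accounting chain names, plus an explicit return, would make the contract clear to callers in other modules now that it is exported. The anchored pattern /^account(?:fwd|in|ing|out)$/ also covers accountfwd, which the report did not mention, so the comment should list all four names.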
diff --git a/Shorewall/Perl/Shorewall/Rules.pm 
b/Shorewall/Perl/Shorewall/Rules.pm
index 34b3f41..d2ef465 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -192,6 +192,8 @@ sub new_action( $$ ) {
 
     my ( $action , $type ) = @_;
 
+    fatal_error "Invalid action name" if reserved_name( $action );
+
     $actions{$action} = { actchain => ''  };
 
     $targets{$action} = $type;
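
Review bot: the fatal_error text "Invalid action name" in new_action() names neither the offending action nor the reason it is rejected, so a user who defines an action called accountin gets less information than the original "is not an accounting chain" message gave. Interpolating $action and saying that the name is reserved, for example "Reserved name ($action) may not be used as an action name", would point directly at the entry to rename.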
