On Sun, 2011-07-10 at 01:10 +0100, Steven Jan Springl wrote:
> On Sunday 10 July 2011 01:07:15 Tom Eastep wrote:
> > I don't believe that is allowed in IPv4 either, is it?
>
> I have just tried it with IPv4 and shorewall accepts it.

Okay -- Shorewall has been mis-handling that.

Patch attached.

Thanks, Steven

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 9d1ca06..af5e2f3 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -1731,7 +1731,7 @@ sub process_host( ) {
 	}
     } elsif ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>$/   ||
 	      $hosts =~ /^([\w.@%-]+\+?):\[(.*)\]$/ ||
-	      $hosts =~ /^([\w.@%-]+\+?):(\+.*)$/   ||
+	      $hosts =~ /^([\w.@%-]+\+?):(!?\+.*)$/   ||
 	      $hosts =~ /^([\w.@%-]+\+?):(dynamic)$/ ) {
 	$interface = $1;
 	$hosts = $2;
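Review bot: The `elsif` condition now accepts several host-list shapes, but nothing at the branch names them, and the new `!?` in the third alternative is easy to miss next to its neighbours. A one-line comment above the condition would help, for example `# iface:<list>, iface:[list], iface:+ipset, iface:!+ipset, iface:dynamic`. The capture `(!?\+.*)` is loose and appears to rely on the stricter ipset-name check later in process_host to reject malformed names, which is worth saying in the same comment. process_host starts and ends outside this hunk.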
@@ -1741,10 +1741,10 @@ sub process_host( ) {
 	fatal_error "Invalid HOST(S) column contents: $hosts" 
     }
 
-    if ( $hosts =~ /^\+/ ) {
+    if ( $hosts =~ /^!?\+/ ) {
 	$zoneref->{options}{complex} = 1;
 	fatal_error "ipset name qualification is disallowed in this file" if $hosts =~ /[\[\]]/;
-	fatal_error "Invalid ipset name ($hosts)" unless $hosts =~ /^\+[a-zA-Z][-\w]*$/;
+	fatal_error "Invalid ipset name ($hosts)" unless $hosts =~ /^!?\+[a-zA-Z][-\w]*$/;
     }
 
     if ( $type == BPORT ) {
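Review bot: The name check on the changed `unless` line still ends in `$`, which in Perl also matches just before a trailing newline, and `\w` can match non-ASCII word characters when the string carries character semantics. The accepted value is presumably written into the generated ruleset later, so anchoring with `\A`/`\z` and spelling out the class would make the check exact: `fatal_error "Invalid ipset name ($hosts)" unless $hosts =~ /\A!?\+[a-zA-Z][-A-Za-z0-9_]*\z/;`. Whether a newline or non-ASCII input can reach this point depends on how the hosts file is read and split, which is not visible here. The body of process_host continues outside the hunk.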
