On Wed, 2011-07-20 at 23:40 +0100, Steven Jan Springl wrote:

> Invalid rule:
> 
> ACCEPT  lan  fw  tcp !
> 
> generates iptables rule:
> 
> -A lan2fw -p 6 --dport ! -j ACCEPT
> 
> which produces the following messages:
> 
> Using intrapositioned negation (`--option ! this`) is deprecated in favor of 
> extrapositioned (`! --option this`).
> 
> iptables-restore v1.4.11.1: invalid port/service `-j' specified

Steven,

Looks like a problem in earlier versions as well.

The attached patch traps that situation.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index c4f8835..a41b36e 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -2856,6 +2856,7 @@ sub do_proto( $$$;$ )
 			    $output .= "-m multiport ${invert}--dports ${ports} ";
 			    $multiport = 1;
 			}  else {
+			    fatal_error "Missing DEST PORT" unless supplied $ports;
 			    $ports   = validate_portpair $pname , $ports;
 			    $output .= "${invert}--dport ${ports} ";
 			}
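Review bot: The `supplied $ports` guard on the `--dport` path sits only in the `else` branch, so the multiport branch just above it (`-m multiport ${invert}--dports ${ports}`) is not covered by this hunk. It is worth confirming that branch cannot be reached with an empty `$ports` when `$invert` is set, or moving the check above the branch so both paths share it. The message would also be easier to act on if it mentioned the dangling negation: the reported rule was `ACCEPT lan fw tcp !`, and "Missing DEST PORT" does not point the user at the stray `!`.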
@@ -2878,6 +2879,7 @@ sub do_proto( $$$;$ )
 			    $sports = validate_port_list $pname , $sports;
 			    $output .= "-m multiport ${invert}--sports ${sports} ";
 			}  else {
+			    fatal_error "Missing SOURCE PORT" unless supplied $sports;
 			    $sports  = validate_portpair $pname , $sports;
 			    $output .= "${invert}--sport ${sports} ";
 			}
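Review bot: The `supplied $sports` check before `validate_portpair $pname , $sports` on the `--sport` path repeats the one added before the `--dport` call, so the same condition is now written in two places. Consider doing the empty-value check inside `validate_portpair` itself (with the column name passed in for the message), so every caller rejects an empty port and the two messages cannot drift apart. The report only exercised the DEST PORT column; a rule with a bare `!` in the SOURCE PORT column should be run through the compiler to confirm this branch fires as intended.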

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
