A bug in recent versions of Shorewall can result in rules that are wider in scope than intended.
If a zone name begins with 'all', then rules referring to that zone are
incorrectly handled as if the keyword 'all' had been entered rather than
the zone name.
Shorewall releases affected are 4.4.13 - 4.4.22.
The attached patch applies to all of these releases.
a) Save the patch
b) As root, execute this command:

    patch /usr/share/shorewall/Shorewall/Rules.pm < ALL.patch

The patch will apply with an offset on releases prior to 4.4.22.

Example (4.4.13):

    patch /usr/share/shorewall/Shorewall/Rules.pm < ~/ALL.patch
    patching file /usr/share/shorewall/Shorewall/Rules.pm
    Hunk #1 succeeded at 1548 (offset -704 lines).
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index c8b0d15..c06c653 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2252,7 +2252,7 @@ sub build_zone_list( $$$\$\$ ) {
#
# Handle Wildcards
#
- if ( $input =~ /^(all[-+]*)(![^:]+)?(:.*)?/ ) {
+ if ( $input =~ /^(all[-+]*)(![^:]+)?(:.*)?$/ ) {
$input = $1;
$exclude = $2;
$rest = $3;
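Review bot: On the changed `if` line, the new `$` anchor still matches just before a trailing newline, so `\z` would be the stricter choice if `$input` can ever reach this test unchomped. The "Handle Wildcards" comment above it should also state that the end anchor is what keeps zone names that merely begin with 'all' out of this branch, so the anchor is not dropped again in a later edit. A regression case with a zone name that begins with 'all' would lock the behaviour in. Separately, `[-+]*` accepts any length and mix of `-` and `+` after `all`; if only specific suffixes are meaningful, the hunk does not show where `$1` is validated, and that is worth confirming.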
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
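A local check for the condition described in this message, as an added example that is not part of the original post or of Shorewall itself: it tests whether an installed Rules.pm still carries the unanchored pattern from the patch's `-` line and lists zone names that begin with 'all'. The zones file location `/etc/shorewall/zones`, the `--check` switch and the environment variable names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): local exposure check for the
# 'all'-prefix zone bug. The default paths are assumptions; override via env.
RULES_PM=${RULES_PM:-/usr/share/shorewall/Shorewall/Rules.pm}
ZONES=${ZONES:-/etc/shorewall/zones}

# Succeeds (exit 0) if FILE still contains the unanchored wildcard test,
# i.e. the '-' line of the patch. The patched line ends in '?$/' and so
# does not contain this fixed string.
rules_pm_unpatched() {
    grep -F -q -- '=~ /^(all[-+]*)(![^:]+)?(:.*)?/' "$1"
}

# Prints each zone name in a zones file that begins with "all" but is longer
# than the keyword. The ZONE column may be "name:parent"; only the name counts.
risky_zones() {
    awk '
        /^[ \t]*$/    { next }    # blank line
        /^[ \t]*[#?]/ { next }    # comment or ?directive
        {
            zone = $1
            sub(/:.*/, "", zone)
            if (zone ~ /^all./) print zone
        }
    ' "$1"
}

# Run as: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    if [ ! -r "$RULES_PM" ] || [ ! -r "$ZONES" ]; then
        echo "cannot read $RULES_PM or $ZONES" >&2
        exit 2
    fi
    zones=$(risky_zones "$ZONES")
    if rules_pm_unpatched "$RULES_PM" && [ -n "$zones" ]; then
        echo "EXPOSED: unpatched Rules.pm; these zones are handled as 'all':"
        echo "$zones"
        exit 1
    fi
    echo "OK: Rules.pm is patched or no zone name begins with 'all'"
fi
```

A host is only exposed when both conditions hold; after applying the patch, recompile and restart the firewall so the generated ruleset reflects the corrected matching.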
