On 10/7/12 5:24 PM, Tom Eastep wrote: > On 10/7/12 4:35 PM, Steven Jan Springl wrote: >> Tom >> >> The following Shorewall6 hosts file entry: >> >> abc eth3:!+set1 >> >> Produces the following message: >> >> ERROR: Invalid HOST(S) column contents: eth3:!+set1 /etc/shorewall66/hosts >> (line 15) >> >> This worked in 4.5.8 RC2. >> > > Steven, > > This patch seems to fix it. >
Steven, Here is the complete patch. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm
b/Shorewall/Perl/Shorewall/IPAddrs.pm
index 7bd1d84..ca255f7 100644
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@@ -228,6 +228,8 @@ sub validate_4range( $$ ) {
my $last = decodeaddr $high;
fatal_error "Invalid IP Range ($low-$high)" unless $first <= $last;
+
+ "$low-$high";
}
sub validate_4host( $$ ) {
@@ -690,11 +692,13 @@ sub validate_6range( $$ ) {
while ( @low ) {
my ( $l, $h) = ( shift @low, shift @high );
next if hex "0x$l" == hex "0x$h";
- return 1 if hex "0x$l" < hex "0x$h";
+ return "$low-$high" if hex "0x$l" < hex "0x$h";
last;
}
fatal_error "Invalid IPv6 Range ($low-$high)";
+
+
}
sub validate_6host( $$ ) {
diff --git a/Shorewall/Perl/Shorewall/Zones.pm
b/Shorewall/Perl/Shorewall/Zones.pm
index 6bbb421..3b07f16 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -763,12 +763,6 @@ sub add_group_to_zone($$$$$)
$new = \@exclusions;
}
- if ( $host =~ /-/ ) {
- &validate_range( split('-', $host, 2 ) )
- } else {
- $host = validate_net( $host, 1 ) unless $host =~ /^\+/;
- }
-
unless ( $switched ) {
if ( $type == $zonetype ) {
fatal_error "Duplicate Host Group ($interface:$host) in zone
$zone" if $interfaces{$interface}{zone} eq $zone;
@@ -791,7 +785,7 @@ sub add_group_to_zone($$$$$)
fatal_error "Invalid ipset name ($host)" unless $host =~
/^\+(6_)?[a-zA-Z][-\w]*$/;
require_capability( 'IPSET_MATCH', 'Ipset names in host lists', '');
} else {
- validate_host $host, 0;
+ $host = validate_host $host, 0;
}
push @$new, $host;
@@ -1823,9 +1817,10 @@ sub process_host( ) {
} else {
fatal_error "Invalid HOST(S) column contents: $hosts";
}
- } elsif ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>$/ ||
- $hosts =~ /^([\w.@%-]+\+?):\[(.*)\]$/ ||
- $hosts =~ /^([\w.@%-]+\+?):(\[.+\](?:\/\d+)?)$/ ||
+ } elsif ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>$/ ||
+ $hosts =~ /^([\w.@%-]+\+?)\[(.*)\]$/ ||
+ $hosts =~ /^([\w.@%-]+\+?):(!?\[.+\](?:\/\d+)?)$/ ||
+ $hosts =~ /^([\w.@%-]+\+?):(!?\+.*)$/ ||
$hosts =~ /^([\w.@%-]+\+?):(dynamic)$/ ) {
$interface = $1;
$hosts = $2;
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
