diff options
author | Alex Harpin <development@landsofshadow.co.uk> | 2015-12-12 20:10:57 +0000 |
---|---|---|
committer | Alex Harpin <development@landsofshadow.co.uk> | 2015-12-12 20:10:57 +0000 |
commit | 06d3f338114141d1fa8c2878a6684dcfd1137e69 (patch) | |
tree | ec573bc61d7c9b9945edf2d05be6222297fc81eb | |
parent | aff6ce143e177645829b4cbe76839e90c515258d (diff) | |
download | vyatta-cfg-firewall-06d3f338114141d1fa8c2878a6684dcfd1137e69.tar.gz vyatta-cfg-firewall-06d3f338114141d1fa8c2878a6684dcfd1137e69.zip |
vyatta-cfg-firewall: update network-group check to allow "this" network
Update the check for network-groups to allow zero net addresses as they
are accepted by the current version of ipset used in VyOS, rejecting
only the 0.0.0.0/0 address. This allows the "this" network (0.0.0.0/8)
to be used in network-groups.
Bug #628 http://bugzilla.vyos.net/show_bug.cgi?id=628
-rwxr-xr-x | lib/Vyatta/IpTables/IpSet.pm | 6 | ||||
-rw-r--r-- | templates/firewall/group/network-group/node.tag/network/node.def | 4 |
2 files changed, 4 insertions, 6 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm index 37bbb37..ea9bc8d 100755 --- a/lib/Vyatta/IpTables/IpSet.pm +++ b/lib/Vyatta/IpTables/IpSet.pm @@ -361,10 +361,10 @@ sub check_member { } if ($member =~ /([\d.]+)\/(\d+)/) { my ($net, $mask) = ($1, $2); - return "Error: zero net invalid in network-group\n" - if $net eq '0.0.0.0'; + return "Error: 0.0.0.0/0 invalid in network-group\n" + if (($net eq '0.0.0.0') and ($mask == 0)); return "Error: invalid mask [$mask] - must be between 1-31\n" - if $mask < 1 or $mask > 31; + if (($mask < 1) or ($mask > 31)); } else { return "Error: Invalid network group [$member]\n"; } diff --git a/templates/firewall/group/network-group/node.tag/network/node.def b/templates/firewall/group/network-group/node.tag/network/node.def index b3e0c18..d08b39d 100644 --- a/templates/firewall/group/network-group/node.tag/network/node.def +++ b/templates/firewall/group/network-group/node.tag/network/node.def @@ -5,6 +5,4 @@ val_help: ipv4net; IPv4 Subnet to match syntax:expression: exec "/opt/vyatta/sbin/ipset-check-member network $VAR(@)" -syntax:expression: exec " \ - /opt/vyatta/sbin/check_prefix_boundary $VAR(@)" \ - +syntax:expression: exec "/opt/vyatta/sbin/check_prefix_boundary $VAR(@)" |