authorStig Thormodsrud <stig@vyatta.com>2010-03-24 17:11:19 -0700
committerStig Thormodsrud <stig@vyatta.com>2010-03-24 17:11:19 -0700
commit827abe453fccf1c5ee0f5f6ac9bb2cb806ea4d5c (patch)
tree39a22eb3bacfedd838108d877eb6f3a1a30e34e4 /lib/Vyatta/IpTables
parenta8726c8630503d2183159c1947dae59f93dda43c (diff)
Fix 5203: negation in firewall rule causes deprecation message
Diffstat (limited to 'lib/Vyatta/IpTables')
-rwxr-xr-xlib/Vyatta/IpTables/AddressFilter.pm32
-rw-r--r--lib/Vyatta/IpTables/Rule.pm20
2 files changed, 34 insertions, 18 deletions
diff --git a/lib/Vyatta/IpTables/AddressFilter.pm b/lib/Vyatta/IpTables/AddressFilter.pm
index c2d44ab..721ff65 100755
--- a/lib/Vyatta/IpTables/AddressFilter.pm
+++ b/lib/Vyatta/IpTables/AddressFilter.pm
@@ -181,8 +181,12 @@ sub rule {
if (($self->{_srcdst} eq "source") && (defined($self->{_src_mac}))) {
# handle src mac
my $str = $self->{_src_mac};
- $str =~ s/^\!(.*)$/! $1/;
- $rule .= "-m mac --mac-source $str ";
+ my $negate = '';
+ if ($str =~ /^\!(.*)$/) {
+ $str = $1;
+ $negate = '! ';
+ }
+ $rule .= "-m mac $negate --mac-source $str ";
}
my %group_ok;
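Review bot: In the MAC branch the value from `$self->{_src_mac}` is placed into the rule string with no format check visible in this hunk, whereas the network and address branches of the same sub call `Vyatta::TypeChecker::validateType` before building the rule. The new `(.*)` capture accepts any remainder, including an empty one, so a malformed value would be passed on as an iptables argument. The config templates may already constrain this node, but a check after the `!` is stripped would make the sub safe on its own: `return (undef, "\"$str\" is not a valid MAC address") if $str !~ /\A[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\z/;`. `sub rule` begins and ends outside the hunk, so how the finished string is executed cannot be confirmed from here.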
@@ -194,15 +198,23 @@ sub rule {
my $str = $self->{_network};
return (undef, "\"$str\" is not a valid $ip_term $prefix_term")
if (!Vyatta::TypeChecker::validateType($prefix_checker, $str, 1));
- $str =~ s/^\!(.*)$/! $1/;
- $rule .= "--$self->{_srcdst} $str ";
+ my $negate = '';
+ if ($str =~ /^\!(.*)$/) {
+ $str = $1;
+ $negate = '! ';
+ }
+ $rule .= "$negate --$self->{_srcdst} $str ";
$group_ok{network} = 0;
} elsif (defined($self->{_address})) {
my $str = $self->{_address};
return (undef, "\"$str\" is not a valid $ip_term address")
if (!Vyatta::TypeChecker::validateType($addr_checker, $str, 1));
- $str =~ s/^\!(.*)$/! $1/;
- $rule .= "--$self->{_srcdst} $str ";
+ my $negate = '';
+ if ($str =~ /^\!(.*)$/) {
+ $str = $1;
+ $negate = '! ';
+ }
+ $rule .= "$negate --$self->{_srcdst} $str ";
$group_ok{address} = 0;
} elsif ((defined $self->{_range_start}) && (defined $self->{_range_stop})) {
my $start = $self->{_range_start};
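Review bot: The same four-line negation block is pasted twice in this hunk, once more in the MAC branch above, and again in the protocol hunk of Rule.pm, so any later change to how `!` is parsed has to be made in four places. A small private helper that returns the negation prefix and the bare value would keep the firewall's handling of `!` in one spot and shrink each call site to two lines. The regex in the sketch below is kept exactly as the commit wrote it, so behaviour does not change. Rule.pm would need its own copy or a shared module, since the two files are separate packages.

```perl
# Returns ('! ', value-without-bang) for a negated value, else ('', value).
sub _split_negation {
    my ($value) = @_;
    return ('! ', $1) if $value =~ /^\!(.*)$/;
    return ('', $value);
}

# … unchanged: validateType check on $str …
my ($negate, $addr) = _split_negation($str);
$rule .= "$negate --$self->{_srcdst} $addr ";
```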
@@ -212,14 +224,14 @@ sub rule {
|| !Vyatta::TypeChecker::validateType($pure_addr_checker, $stop, 1));
my $negate = '';
if ($self->{_range_start} =~ /^!(.*)$/) {
- $start = $1;
- $negate = '! '
+ $start = $1;
+ $negate = '! ';
}
if ("$self->{_srcdst}" eq "source") {
- $rule .= ("-m iprange $negate--src-range $start-$self->{_range_stop} ");
+ $rule .= ("-m iprange $negate --src-range $start-$self->{_range_stop} ");
}
elsif ("$self->{_srcdst}" eq "destination") {
- $rule .= ("-m iprange $negate--dst-range $start-$self->{_range_stop} ");
+ $rule .= ("-m iprange $negate --dst-range $start-$self->{_range_stop} ");
}
$group_ok{address} = 0;
$group_ok{network} = 0;
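Review bot: Both range lines interpolate `$self->{_range_stop}`, not the local `$stop` that the `validateType` call at the top of the hunk has just checked, so the value validated and the value emitted come from two different places. Using the checked local keeps them tied together: `$rule .= ("-m iprange $negate --src-range $start-$stop ");`, and likewise for `--dst-range`. The assignment of `$stop` is outside the hunk, so this assumes it is a plain copy of `$self->{_range_stop}`. A one-line comment above the `if`, such as `# iptables wants '!' before the option, not between option and value`, would also record why the space after `$negate` matters.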
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm
index 6105ae7..e6b6ca7 100644
--- a/lib/Vyatta/IpTables/Rule.pm
+++ b/lib/Vyatta/IpTables/Rule.pm
@@ -332,14 +332,18 @@ sub rule {
# set the protocol
if (defined($self->{_protocol})) {
- my $str = $self->{_protocol};
- $str =~ s/^\!(.*)$/! $1/;
- if ($str eq 'tcp_udp') {
- $tcp_and_udp = 1;
- $rule .= " -p tcp "; # we'll add the '-p udp' to 2nd rule later
- } else {
- $rule .= " -p $str ";
- }
+ my $str = $self->{_protocol};
+ my $negate = '';
+ if ($str =~ /^\!(.*)$/) {
+ $str = $1;
+ $negate = '! ';
+ }
+ if ($str eq 'tcp_udp') {
+ $tcp_and_udp = 1;
+ $rule .= " $negate -p tcp "; # we'll add the '-p udp' to 2nd rule later
+ } else {
+ $rule .= " $negate -p $str ";
+ }
}
my $state_str = uc (get_state_str($self));
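Review bot: Stripping the `!` before the `tcp_udp` comparison means a protocol value of `!tcp_udp` now takes the `$tcp_and_udp` path and emits `! -p tcp`; before this commit the string `! tcp_udp` never equalled `'tcp_udp'`. The second, udp rule is built outside this hunk, but whether or not it carries the negation, a pair of rules of which one is `! -p tcp` cannot express "neither tcp nor udp". The pair would match more traffic than the administrator asked for. Unless the config template already rejects this value, restricting the special case to the un-negated form restores the old behaviour: `if ($str eq 'tcp_udp' && $negate eq '') {`. Returning an explicit "cannot negate tcp_udp" error would be clearer still, but the error convention of this sub is not visible in the hunk.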