author | Stig Thormodsrud <stig@io.vyatta.com> | 2009-02-10 16:01:25 -0800 |
---|---|---|
committer | Stig Thormodsrud <stig@io.vyatta.com> | 2009-02-10 16:01:25 -0800 |
commit | 9887700a0bcc22d646090ad263bff6b0895fb77c (patch) | |
tree | 7c1ba1ace5a1e499206433c29a5fb1c21d88b0f9 /lib/Vyatta | |
parent | 3a624b78f5b0d50ef09953986d3289aecfa5fab7 (diff) | |
Add more firewall group validation before calling ipset.
Diffstat (limited to 'lib/Vyatta')
-rwxr-xr-x | lib/Vyatta/IpTables/IpSet.pm | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index e28c5e4..80e20bb 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -157,10 +157,23 @@ sub check_member {
 if (!Vyatta::TypeChecker::validateType('ipv4', $member, 1)) {
 return "Error: [$member] isn't valid IPv4 address\n";
 }
+ if ($member eq '0.0.0.0') {
+ return "Error: zero IP address not valid in address-group\n";
+ }
 } elsif ($self->{_type} eq 'network') {
 if (!Vyatta::TypeChecker::validateType('ipv4net', $member, 1)) {
 return "Error: [$member] isn't valid IPv4 network\n";
 }
+ if ($member =~ /([\d.]+)\/(\d+)/) {
+ my $net = $1;
+ my $cidr = $2;
+ return "Error: zero net invalid in network-group\n"
+ if $net eq '0.0.0.0';
+ return "Error: zero cidr invalid in network-group\n"
+ if $cidr eq '0';
+ } else {
+ return "Error: Invalid network group [$member]\n";
+ }
 } elsif ($self->{_type} eq 'port') {
 if ($member =~ /^\d/) {
 my ($success, $err) = Vyatta::Misc::isValidPortNumber($member);
 |
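Review bot: The new network-group checks compare strings, so a zero prefix or zero network written with extra digits (for example `/00` or `00.0.0.0`) would pass `$cidr eq '0'` and `$net eq '0.0.0.0'` if `validateType('ipv4net', ...)` tolerates leading zeros, which is not visible in this hunk. The pattern `/([\d.]+)\/(\d+)/` is also unanchored, so `$1` and `$2` can be taken from part of the member rather than the whole string. Since the commit message says these values go on to ipset, I would anchor the match and compare numerically: `if ($member =~ m{\A([\d.]+)/(\d+)\z}) {`, `if $cidr == 0;` and `if $net =~ /\A0+(?:\.0+){3}\z/;`. The same string-equality concern applies to `$member eq '0.0.0.0'` in the address branch. check_member starts and ends outside this hunk.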