vyatta-cfg-firewall: check rules for errors before processing them - vyatta-cfg-firewall.git - Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git)

diff options

author	Alex Harpin <development@landsofshadow.co.uk>	2015-11-28 20:00:46 +0000
committer	Alex Harpin <development@landsofshadow.co.uk>	2015-11-28 20:00:46 +0000
commit	14bed3ad112362ecf9fabc0bd5d5ecbeef96dd0d (patch)
tree	f10467002533b8be3b27361e8337d8c011416a7b /scripts/firewall/valid_port_range.pl
parent	4de481530a72acb40d4b146ff3067f2eaa4360e4 (diff)
download	vyatta-cfg-firewall-14bed3ad112362ecf9fabc0bd5d5ecbeef96dd0d.tar.gz vyatta-cfg-firewall-14bed3ad112362ecf9fabc0bd5d5ecbeef96dd0d.zip

vyatta-cfg-firewall: check rules for errors before processing them

Errors in firewall rules can cause either rules to be overwritten (completely or partially), dropped entirely, or just ending up with an inconsistent state in comparison to the current configuration. This can lead to unpredictable firewall results, which can't even be corrected by deleting all the firewall rules, only a reboot or manual intervention will correct the issue. Checking these rules for consistency in a separate loop before they are applied allows the errors to flagged up and the commit failed before the iptables are touched. Bug #623 http://bugzilla.vyos.net/show_bug.cgi?id=623

Diffstat (limited to 'scripts/firewall/valid_port_range.pl')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: