author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-05-05 11:34:06 -0700 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-05-05 11:34:06 -0700 |
commit | af9b647c46b09a8ad84b68264fd2bfb65c9dd98e (patch) | |
tree | 9e9b4c2461ae724fa1153fcb73d00d14c9edba7e /scripts | |
parent | e4ec1e1bb7f3e1a69dc8d426cc8ed95dd7c84485 (diff) | |
download | vyatta-cfg-firewall-af9b647c46b09a8ad84b68264fd2bfb65c9dd98e.tar.gz vyatta-cfg-firewall-af9b647c46b09a8ad84b68264fd2bfb65c9dd98e.zip |
* don't allow user to create a chain that exists in the system. This may be
either vyatta/user defined chains or system chains such as INPUT, OUTPUT etc.
* don't allow user to create chains with names starting with 'VZONE'. This prefix is
reserved for zone chains created by us.
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/firewall/vyatta-firewall.pl | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 9328dfa..888563e 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -729,6 +729,10 @@ sub setup_chain {
 run_cmd("$iptables_cmd -t $table --new-chain $chain", 0, 0);
 die "iptables error: $table $chain --new-chain: $!" if ($? >> 8);
 set_default_policy($table, $chain, $iptables_cmd, $policy);
+ } else {
+ printf STDERR 'Firewall config error: '
+. "Chain \"$chain\" being used in system. Cannot use it as a ruleset name\n";
+ exit 1;
 }
 }
|
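Review bot: The added `printf STDERR` in the else branch passes a string containing the interpolated `$chain` as the format argument, so a ruleset name containing `%` would be parsed as a conversion specifier and the error message would come out garbled or trigger a warning instead of naming the chain. Since nothing is being formatted, use `print STDERR "Firewall config error: Chain \"$chain\" being used in system. Cannot use it as a ruleset name\n";` or keep printf with a fixed format and pass `$chain` as an argument. The same `$chain` is interpolated into the command string on the context line `run_cmd("$iptables_cmd -t $table --new-chain $chain", 0, 0)`, so if run_cmd goes through a shell the name should be validated against an allow-list pattern before setup_chain is reached; whether that already happens is not visible here. The `if` that this `else` pairs with and the start of setup_chain are outside the hunk, and the 'VZONE' prefix check mentioned in the description does not appear in these four added lines.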