summaryrefslogtreecommitdiff
path: root/templates/firewall
diff options
context:
space:
mode:
authorMohit Mehta <mohit.mehta@vyatta.com>2009-05-05 11:34:06 -0700
committerMohit Mehta <mohit.mehta@vyatta.com>2009-05-05 11:34:06 -0700
commitaf9b647c46b09a8ad84b68264fd2bfb65c9dd98e (patch)
tree9e9b4c2461ae724fa1153fcb73d00d14c9edba7e /templates/firewall
parente4ec1e1bb7f3e1a69dc8d426cc8ed95dd7c84485 (diff)
downloadvyatta-cfg-firewall-af9b647c46b09a8ad84b68264fd2bfb65c9dd98e.tar.gz
vyatta-cfg-firewall-af9b647c46b09a8ad84b68264fd2bfb65c9dd98e.zip
* don't allow user to create a chain that exists in the system. This may be
either vyatta/user defined chains or system chains such as INPUT, OUTPUT etc. * don't allow user to create chains with name starting from 'VZONE'. This is reserved for zone chains created by us.
Diffstat (limited to 'templates/firewall')
-rw-r--r--templates/firewall/ipv6-modify/node.def2
-rw-r--r--templates/firewall/ipv6-name/node.def2
-rw-r--r--templates/firewall/modify/node.def2
-rw-r--r--templates/firewall/name/node.def2
4 files changed, 8 insertions, 0 deletions
diff --git a/templates/firewall/ipv6-modify/node.def b/templates/firewall/ipv6-modify/node.def
index 65272de..5b4c8ac 100644
--- a/templates/firewall/ipv6-modify/node.def
+++ b/templates/firewall/ipv6-modify/node.def
@@ -12,6 +12,8 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
+syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\""
+
end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify "$VAR(@)" ;
then
if [ ${COMMIT_ACTION} = 'DELETE' ] ;
diff --git a/templates/firewall/ipv6-name/node.def b/templates/firewall/ipv6-name/node.def
index 65a5377..d60808b 100644
--- a/templates/firewall/ipv6-name/node.def
+++ b/templates/firewall/ipv6-name/node.def
@@ -12,6 +12,8 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
+syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\""
+
end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-name "$VAR(@)" ;
then
if [ ${COMMIT_ACTION} = 'DELETE' ] ;
diff --git a/templates/firewall/modify/node.def b/templates/firewall/modify/node.def
index b7ec4a4..c9d6dc0 100644
--- a/templates/firewall/modify/node.def
+++ b/templates/firewall/modify/node.def
@@ -10,6 +10,8 @@ syntax:expression: exec " \
syntax:expression: pattern $VAR(@) "^[^-]" ; "Modify rule set name cannot start with \"-\""
+syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\""
+
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules modify "$VAR(@)" ;
diff --git a/templates/firewall/name/node.def b/templates/firewall/name/node.def
index 4030170..4bde06a 100644
--- a/templates/firewall/name/node.def
+++ b/templates/firewall/name/node.def
@@ -10,6 +10,8 @@ syntax:expression: exec " \
syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot start with \"-\""
+syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\""
+
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules name "$VAR(@)" ;