author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-05-05 11:34:06 -0700 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-05-05 11:34:06 -0700 |
commit | af9b647c46b09a8ad84b68264fd2bfb65c9dd98e (patch) | |
tree | 9e9b4c2461ae724fa1153fcb73d00d14c9edba7e /templates/firewall | |
parent | e4ec1e1bb7f3e1a69dc8d426cc8ed95dd7c84485 (diff) | |
download | vyatta-cfg-firewall-af9b647c46b09a8ad84b68264fd2bfb65c9dd98e.tar.gz vyatta-cfg-firewall-af9b647c46b09a8ad84b68264fd2bfb65c9dd98e.zip |
* don't allow user to create a chain that exists in the system. This may be
either vyatta/user defined chains or system chains such as INPUT, OUTPUT etc.
* don't allow user to create chains whose names start with 'VZONE'. This is
reserved for zone chains created by us.
Diffstat (limited to 'templates/firewall')
-rw-r--r-- | templates/firewall/ipv6-modify/node.def | 2 | ||||
-rw-r--r-- | templates/firewall/ipv6-name/node.def | 2 | ||||
-rw-r--r-- | templates/firewall/modify/node.def | 2 | ||||
-rw-r--r-- | templates/firewall/name/node.def | 2 |
4 files changed, 8 insertions, 0 deletions
diff --git a/templates/firewall/ipv6-modify/node.def b/templates/firewall/ipv6-modify/node.def
index 65272de..5b4c8ac 100644
--- a/templates/firewall/ipv6-modify/node.def
+++ b/templates/firewall/ipv6-modify/node.def
@@ -12,6 +12,8 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
+syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\""
+
 end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify "$VAR(@)" ; then if [ ${COMMIT_ACTION} = 'DELETE' ] ;
diff --git a/templates/firewall/ipv6-name/node.def b/templates/firewall/ipv6-name/node.def
index 65a5377..d60808b 100644
--- a/templates/firewall/ipv6-name/node.def
+++ b/templates/firewall/ipv6-name/node.def
@@ -12,6 +12,8 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
+syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\""
+
 end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-name "$VAR(@)" ; then if [ ${COMMIT_ACTION} = 'DELETE' ] ;
diff --git a/templates/firewall/modify/node.def b/templates/firewall/modify/node.def
index b7ec4a4..c9d6dc0 100644
--- a/templates/firewall/modify/node.def
+++ b/templates/firewall/modify/node.def
@@ -10,6 +10,8 @@ syntax:expression: exec " \ syntax:expression: pattern $VAR(@) "^[^-]" ; "Modify rule set name cannot start with \"-\""
+syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\""
+
 syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'" end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules modify "$VAR(@)" ;
diff --git a/templates/firewall/name/node.def b/templates/firewall/name/node.def
index 4030170..4bde06a 100644
--- a/templates/firewall/name/node.def
+++ b/templates/firewall/name/node.def
@@ -10,6 +10,8 @@ syntax:expression: exec " \ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot start with \"-\""
+syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\""
+
 syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'" end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules name "$VAR(@)" ; |
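Review bot: The added pattern `"^[^VZONE]"` is a negated character class, not a prefix test, so it rejects any rule set name whose first character is V, Z, O, N or E instead of only names beginning with the reserved string VZONE. The reserved prefix is still blocked, but legitimate names (anything starting with O or E, for example) fail with an error message that does not describe the real rule. The same line is added in all four node.def files (ipv6-modify, ipv6-name, modify, name). A prefix check needs a negated match on `"^VZONE"`; if the template grammar supports negating an expression, something like `syntax:expression: ! pattern $VAR(@) "^VZONE" ; "Firewall rule set name cannot start with \"VZONE\""` would express the intent, otherwise the test belongs in the existing `exec` validation, whose body lies outside these hunks. In modify/node.def the new message says "Firewall rule set name" while the neighbouring check says "Modify rule set name"; one wording should be used for both.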