Merge branch 'mendocino' of vm:rel/vyatta-cfg-firewall into mendocino

3 files changed, 15 insertions, 15 deletions

diff --git a/templates/firewall/group/address-group/node.def b/templates/firewall/group/address-group/node.def
index 9c118ff..40462fa 100644
--- a/templates/firewall/group/address-group/node.def
+++ b/templates/firewall/group/address-group/node.def
@@ -3,11 +3,8 @@ priority: 200
 type: txt
 help: Firewall address-group
 
-syntax:expression: exec "			        \
-        if [ `echo $VAR(@) | wc -c` -gt 31 ]; then      \
-          echo group name must be 31 characters or less;\
-          exit 1 ;                                      \
-        fi ; "
+syntax:expression: pattern $VAR(@) "^[[:graph:]]{1,31}$" ; \
+       "Firewall group name must be 31 characters or less"
 
 syntax:expression: pattern $VAR(@) "^[^-]" ; \
        "Firewall group name cannot start with \"-\""
@@ -15,6 +12,9 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; \
 syntax:expression: pattern $VAR(@) "^[^!]" ; \
        "Firewall group name cannot start with \"!\""
 
+syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \
+       "Firewall group name cannot contain shell punctuation"
+
 create: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
           --action=create-set                 \
           --set-type=address                  \
diff --git a/templates/firewall/group/network-group/node.def b/templates/firewall/group/network-group/node.def
index c09176f..e20b536 100644
--- a/templates/firewall/group/network-group/node.def
+++ b/templates/firewall/group/network-group/node.def
@@ -3,11 +3,8 @@ priority: 200
 type: txt
 help: Firewall network-group
 
-syntax:expression: exec "			        \
-        if [ `echo $VAR(@) | wc -c` -gt 31 ]; then      \
-          echo group name must be 31 characters or less;\
-          exit 1 ;                                      \
-        fi ; "
+syntax:expression: pattern $VAR(@) "^[[:graph:]]{1,31}$" ; \
+       "Firewall group name must be 31 characters or less"
 
 syntax:expression: pattern $VAR(@) "^[^-]" ; \
        "Firewall group name cannot start with \"-\""
@@ -15,6 +12,9 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; \
 syntax:expression: pattern $VAR(@) "^[^!]" ; \
        "Firewall group name cannot start with \"!\""
 
+syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \
+       "Firewall group name cannot contain shell punctuation"
+
 create: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
           --action=create-set                 \
           --set-type=network                  \
diff --git a/templates/firewall/group/port-group/node.def b/templates/firewall/group/port-group/node.def
index 0500ac1..76fef9e 100644
--- a/templates/firewall/group/port-group/node.def
+++ b/templates/firewall/group/port-group/node.def
@@ -3,11 +3,8 @@ priority: 200
 type: txt
 help: Firewall port-group
 
-syntax:expression: exec "			        \
-        if [ `echo $VAR(@) | wc -c` -gt 31 ]; then      \
-          echo group name must be 31 characters or less;\
-          exit 1 ;                                      \
-        fi ; "
+syntax:expression: pattern $VAR(@) "^[[:graph:]]{1,31}$" ; \
+       "Firewall group name must be 31 characters or less"
 
 syntax:expression: pattern $VAR(@) "^[^-]" ; \
        "Firewall group name cannot start with \"-\""
@@ -15,6 +12,9 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; \
 syntax:expression: pattern $VAR(@) "^[^!]" ; \
        "Firewall group name cannot start with \"!\""
 
+syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \
+       "Firewall group name cannot contain shell punctuation"
+
 create: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
           --action=create-set                 \
           --set-type=port                     \