-rwxr-xr-x | scripts/firewall/vyatta-firewall.pl | 4 | ||||
-rw-r--r-- | templates/firewall/ipv6-modify/node.def | 2 | ||||
-rw-r--r-- | templates/firewall/ipv6-name/node.def | 2 | ||||
-rw-r--r-- | templates/firewall/modify/node.def | 2 | ||||
-rw-r--r-- | templates/firewall/name/node.def | 2 |
5 files changed, 12 insertions, 0 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl index 9328dfa..888563e 100755 --- a/scripts/firewall/vyatta-firewall.pl +++ b/scripts/firewall/vyatta-firewall.pl @@ -729,6 +729,10 @@ sub setup_chain { run_cmd("$iptables_cmd -t $table --new-chain $chain", 0, 0); die "iptables error: $table $chain --new-chain: $!" if ($? >> 8); set_default_policy($table, $chain, $iptables_cmd, $policy); + } else { + printf STDERR 'Firewall config error: ' +. "Chain \"$chain\" being used in system. Cannot use it as a ruleset name\n"; + exit 1; } } diff --git a/templates/firewall/ipv6-modify/node.def b/templates/firewall/ipv6-modify/node.def index 65272de..5b4c8ac 100644 --- a/templates/firewall/ipv6-modify/node.def +++ b/templates/firewall/ipv6-modify/node.def @@ -12,6 +12,8 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'" +syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\"" + end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify "$VAR(@)" ; then if [ ${COMMIT_ACTION} = 'DELETE' ] ; diff --git a/templates/firewall/ipv6-name/node.def b/templates/firewall/ipv6-name/node.def index 65a5377..d60808b 100644 --- a/templates/firewall/ipv6-name/node.def +++ b/templates/firewall/ipv6-name/node.def @@ -12,6 +12,8 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'" +syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\"" + end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-name "$VAR(@)" ; then if [ ${COMMIT_ACTION} = 'DELETE' ] ; diff --git a/templates/firewall/modify/node.def b/templates/firewall/modify/node.def index b7ec4a4..c9d6dc0 100644 
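Review bot: The new else branch in setup_chain hands `printf` a format string that contains the interpolated `$chain`, so a ruleset name containing `%` would be parsed as a conversion rather than printed as typed. The name patterns visible in this commit do not exclude `%`. Use `print STDERR "Firewall config error: Chain \"$chain\" being used in system. Cannot use it as a ruleset name\n";`, or keep `printf` with a literal format and pass `$chain` as an argument. The branch also leaves through `exit 1` while the failure path just above it uses `die`; using `die` here too would keep the function's error handling uniform. The `if` that this else belongs to opens outside the hunk, so the condition that selects it is not visible here.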
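Review bot: The added pattern `"^[^VZONE]"` is a negated character class, not a prefix test. It refuses every name whose first character is V, Z, O, N or E (OUTSIDE, EXTERNAL, VPN-IN and so on), while the message says only names starting with "VZONE" are rejected. The same line is added in the ipv6-name, modify and name templates, so all four rule-set types are affected; existing configurations using such names would presumably stop validating after an upgrade. The check should test the literal prefix instead, for example with the `exec` form these templates already use, along the lines of `syntax:expression: exec "case \"$VAR(@)\" in VZONE*) exit 1 ;; esac" ; "Firewall rule set name cannot start with \"VZONE\""` (untested against the template parser). A short comment above the line saying that the VZONE prefix is reserved for system-created chains would explain why the restriction exists.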
--- a/templates/firewall/modify/node.def +++ b/templates/firewall/modify/node.def @@ -10,6 +10,8 @@ syntax:expression: exec " \ syntax:expression: pattern $VAR(@) "^[^-]" ; "Modify rule set name cannot start with \"-\"" +syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\"" + syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'" end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules modify "$VAR(@)" ; diff --git a/templates/firewall/name/node.def b/templates/firewall/name/node.def index 4030170..4bde06a 100644 --- a/templates/firewall/name/node.def +++ b/templates/firewall/name/node.def @@ -10,6 +10,8 @@ syntax:expression: exec " \ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot start with \"-\"" +syntax:expression: pattern $VAR(@) "^[^VZONE]" ; "Firewall rule set name cannot start with \"VZONE\"" + syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'" end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules name "$VAR(@)" ; |