From af9b647c46b09a8ad84b68264fd2bfb65c9dd98e Mon Sep 17 00:00:00 2001
From: Mohit Mehta
Date: Tue, 5 May 2009 11:34:06 -0700
Subject: * don't allow user to create a chain that exists in the system. This may be either vyatta/user defined chains or system chains such as INPUT, OUTPUT etc. * don't allow user to create chains with name starting from 'VZONE'. This is reserved for zone chains created by us.

---
 scripts/firewall/vyatta-firewall.pl | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'scripts')

diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 9328dfa..888563e 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -729,6 +729,10 @@ sub setup_chain {
 run_cmd("$iptables_cmd -t $table --new-chain $chain", 0, 0);
 die "iptables error: $table $chain --new-chain: $!" if ($? >> 8);
 set_default_policy($table, $chain, $iptables_cmd, $policy);
+ } else {
+ printf STDERR 'Firewall config error: '
+. "Chain \"$chain\" being used in system. Cannot use it as a ruleset name\n";
+ exit 1;
 }
 }
--
cgit v1.2.3
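Review bot: The new error message is emitted with `printf STDERR` and the interpolated `$chain` becomes part of the format string, so a ruleset name containing `%` (e.g. `%s` or `%n`) is interpreted as a conversion rather than printed literally; since this branch exists precisely because the name came from user configuration and was rejected, it should use `print STDERR 'Firewall config error: '` `. "Chain \"$chain\" being used in system. Cannot use it as a ruleset name\n";` (or pass the name as a `%s` argument). The condition that selects this `else` branch, and therefore the existence-check and the 'VZONE' prefix rejection the subject describes, lies before the hunk and cannot be confirmed from the visible lines. setup_chain begins outside the hunk, so the hunk only shows its tail.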