authorChristian Poessinger <christian@poessinger.com>2022-04-30 18:37:24 +0200
committerChristian Poessinger <christian@poessinger.com>2022-04-30 18:37:27 +0200
commit9beeba732c2669024e76928cff12ef95e4f16c78 (patch)
treede60c7e0063eba536d3d9e19066ec76350c01b0d
parent42e823b823656205461e4243dc538f54f0087836 (diff)
firewall: T1230: fix validator for service alias names (e.g. ssmtp)
-rwxr-xr-xsrc/validators/port-multi27
1 files changed, 17 insertions, 10 deletions
diff --git a/src/validators/port-multi b/src/validators/port-multi
index cef371563..bd6f0ef60 100755
--- a/src/validators/port-multi
+++ b/src/validators/port-multi
@@ -1,6 +1,7 @@
#!/usr/bin/python3
-import sys
+from sys import argv
+from sys import exit
import re
from vyos.util import read_file
@@ -13,12 +14,18 @@ def get_services():
for line in service_data.split("\n"):
if not line or line[0] == '#':
continue
- names.append(line.split(None, 1)[0])
+ tmp = line.split()
+ names.append(tmp[0])
+ if len(tmp) > 2:
+ # Add port aliases to service list, too
+ names.extend(tmp[2:])
+ # remove duplicate entries (e.g. echo) from list
+ names = list(dict.fromkeys(names))
return names
if __name__ == '__main__':
- if len(sys.argv)>1:
- ports = sys.argv[1].split(",")
+ if len(argv)>1:
+ ports = argv[1].split(",")
services = get_services()
for port in ports:
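Review bot: The new `names.extend(tmp[2:])` treats every token after the port/protocol field as an alias, so on a line that carries a trailing `#` comment the comment words (and the `#` itself) end up in the list of accepted service names. That widens what this validator lets through to the firewall configuration beyond real aliases. Strip the comment before splitting, e.g. `tmp = line.split('#', 1)[0].split()`, and `continue` when `tmp` is empty so a whitespace-only line does not raise on `tmp[0]`. get_services() starts above this hunk, so how `service_data` is read is not visible here.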
@@ -28,18 +35,18 @@ if __name__ == '__main__':
port_1, port_2 = port.split('-')
if int(port_1) not in range(1, 65536) or int(port_2) not in range(1, 65536):
print(f'Error: {port} is not a valid port range')
- sys.exit(1)
+ exit(1)
if int(port_1) > int(port_2):
print(f'Error: {port} is not a valid port range')
- sys.exit(1)
+ exit(1)
elif port.isnumeric():
if int(port) not in range(1, 65536):
print(f'Error: {port} is not a valid port')
- sys.exit(1)
+ exit(1)
elif port not in services:
print(f'Error: {port} is not a valid service name')
- sys.exit(1)
+ exit(1)
else:
- sys.exit(2)
+ exit(2)
- sys.exit(0)
+ exit(0)
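Review bot: `port.isnumeric()` in the single-port branch is also true for non-ASCII numerals: a string of fullwidth or Arabic-Indic digits passes it and `int()` accepts it, so the validator reports success for a value that is not a plain ASCII port number, while a character such as `²` passes `isnumeric()` and then makes `int()` raise an uncaught ValueError. Since the commit already touches this branch, tighten it to `elif port.isascii() and port.isdecimal():` so anything else falls through to the service-name check. The loop and the condition guarding the range branch begin outside this hunk, so whether the range branch has the same weakness cannot be judged from here.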