Merge pull request #1152 from sarthurdev/firewall_validators

firewall: validators: T4148: Improve validators and firewall validator usage
author: Christian Poessinger <christian@poessinger.com> 2022-01-10 22:31:55 +0100
committer: GitHub <noreply@github.com> 2022-01-10 22:31:55 +0100
commit: 465939d9c9b413c7033c8833cbb4ebc30b9bcf66 (patch)
tree: 361079ff54ed2c5516cc86a8644e98ce629d2a73 /src/validators/port-multi
parent: fd1b1ff19b0ff852d796e979ab3b596651686f2f (diff)
parent: 0a0e7d789e7e482b65cbca47bff1dcb427891a88 (diff)
download: vyos-1x-465939d9c9b413c7033c8833cbb4ebc30b9bcf66.tar.gz
vyos-1x-465939d9c9b413c7033c8833cbb4ebc30b9bcf66.zip
1 files changed, 43 insertions, 0 deletions
diff --git a/src/validators/port-multi b/src/validators/port-multi
new file mode 100755
index 000000000..763d34e57
--- /dev/null
+++ b/src/validators/port-multi
@@ -0,0 +1,43 @@
+#!/usr/bin/python3
+
+import sys
+import re
+
+from vyos.util import read_file
+
+services_file = '/etc/services'
+
+def get_services():
+    names = []
+    service_data = read_file(services_file, "")
+    for line in service_data.split("\n"):
+        if not line or line[0] == '#':
+            continue
+        names.append(line.split(None, 1)[0])
+    return names
+
+if __name__ == '__main__':
+    if len(sys.argv)>1:
+        ports = sys.argv[1].split(",")
+        services = get_services()
+
+        for port in ports:
+            if re.match('^[0-9]{1,5}-[0-9]{1,5}$', port):
+                port_1, port_2 = port.split('-')
+                if int(port_1) not in range(1, 65535) or int(port_2) not in range(1, 65535):
+                    print(f'Error: {port} is not a valid port range')
+                    sys.exit(1)
+                if int(port_1) > int(port_2):
+                    print(f'Error: {port} is not a valid port range')
+                    sys.exit(1)
+            elif port.isnumeric():
+                if int(port) not in range(1, 65535):
+                    print(f'Error: {port} is not a valid port')
+                    sys.exit(1)
+            elif port not in services:
+                print(f'Error: {port} is not a valid service name')
+                sys.exit(1)
+    else:
+        sys.exit(2)
+
+    sys.exit(0)
author	Christian Poessinger <christian@poessinger.com>	2022-01-10 22:31:55 +0100
committer	GitHub <noreply@github.com>	2022-01-10 22:31:55 +0100
commit	465939d9c9b413c7033c8833cbb4ebc30b9bcf66 (patch)
tree	361079ff54ed2c5516cc86a8644e98ce629d2a73 /src/validators/port-multi
parent	fd1b1ff19b0ff852d796e979ab3b596651686f2f (diff)
parent	0a0e7d789e7e482b65cbca47bff1dcb427891a88 (diff)
download	vyos-1x-465939d9c9b413c7033c8833cbb4ebc30b9bcf66.tar.gz vyos-1x-465939d9c9b413c7033c8833cbb4ebc30b9bcf66.zip