author | Christian Poessinger <christian@poessinger.com> | 2022-04-30 18:37:24 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2022-04-30 18:37:27 +0200 |
commit | 9beeba732c2669024e76928cff12ef95e4f16c78 (patch) | |
tree | de60c7e0063eba536d3d9e19066ec76350c01b0d /src/validators/port-multi | |
parent | 42e823b823656205461e4243dc538f54f0087836 (diff) | |
download | vyos-1x-9beeba732c2669024e76928cff12ef95e4f16c78.tar.gz vyos-1x-9beeba732c2669024e76928cff12ef95e4f16c78.zip |
firewall: T1230: fix validator for service alias names (e.g. ssmtp)
Diffstat (limited to 'src/validators/port-multi')
-rwxr-xr-x | src/validators/port-multi | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/src/validators/port-multi b/src/validators/port-multi
index cef371563..bd6f0ef60 100755
--- a/src/validators/port-multi
+++ b/src/validators/port-multi
@@ -1,6 +1,7 @@
 #!/usr/bin/python3
-import sys
+from sys import argv
+from sys import exit
 import re
 from vyos.util import read_file
@@ -13,12 +14,18 @@ def get_services():
 for line in service_data.split("\n"):
 if not line or line[0] == '#':
 continue
- names.append(line.split(None, 1)[0])
+ tmp = line.split()
+ names.append(tmp[0])
+ if len(tmp) > 2:
+ # Add port aliases to service list, too
+ names.extend(tmp[2:])
+ # remove duplicate entries (e.g. echo) from list
+ names = list(dict.fromkeys(names))
 return names
 if __name__ == '__main__':
- if len(sys.argv)>1:
- ports = sys.argv[1].split(",")
+ if len(argv)>1:
+ ports = argv[1].split(",")
 services = get_services()
 for port in ports:
@@ -28,18 +35,18 @@ if __name__ == '__main__':
 port_1, port_2 = port.split('-')
 if int(port_1) not in range(1, 65536) or int(port_2) not in range(1, 65536):
 print(f'Error: {port} is not a valid port range')
- sys.exit(1)
+ exit(1)
 if int(port_1) > int(port_2):
 print(f'Error: {port} is not a valid port range')
- sys.exit(1)
+ exit(1)
 elif port.isnumeric():
 if int(port) not in range(1, 65536):
 print(f'Error: {port} is not a valid port')
- sys.exit(1)
+ exit(1)
 elif port not in services:
 print(f'Error: {port} is not a valid service name')
- sys.exit(1)
+ exit(1)
 else:
- sys.exit(2)
+ exit(2)
- sys.exit(0)
+ exit(0)
|
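Review bot: `names.extend(tmp[2:])` in get_services() also picks up inline comment text, so every word of a trailing `# ...` comment lands in `names` and is later accepted by `port not in services` as a valid service name. This assumes service_data has the usual services-file layout (name, port/protocol, aliases, optional `#` comment); the read itself is above the hunk. A constructed line such as `ssmtp 465/tcp smtps # SMTP over SSL` would add `smtps`, `#`, `SMTP`, `over` and `SSL`. Cutting the comment before splitting keeps the validator strict: `tmp = line.split('#', 1)[0].split()` followed by `if not tmp: continue`, which also avoids an IndexError on `tmp[0]` for a whitespace-only line.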
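Review bot: The `elif port.isnumeric():` branch accepts more than ASCII digits. `str.isnumeric()` is true for characters such as superscripts, where `int(port)` raises an uncaught ValueError, and for non-ASCII decimal digits, which `int()` converts so the value passes the range check and the validator exits 0 on a string that is not a plain port number. `elif port.isascii() and port.isdigit():` restricts the branch to plain decimal ports and lets everything else fall through to the service-name check. The `__main__` block starts above the hunk, so the condition guarding the range branch is not visible here and may need the same treatment.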