-rw-r--r--interface-definitions/include/nat-address-port.xml.i9
-rwxr-xr-xsrc/validators/ipv4-address-exclude7
-rwxr-xr-xsrc/validators/ipv4-prefix-exclude7
-rwxr-xr-xsrc/validators/ipv4-range33
-rwxr-xr-xsrc/validators/ipv4-range-exclude7
5 files changed, 47 insertions, 16 deletions
diff --git a/interface-definitions/include/nat-address-port.xml.i b/interface-definitions/include/nat-address-port.xml.i
index 0848364ff..8705d31cb 100644
--- a/interface-definitions/include/nat-address-port.xml.i
+++ b/interface-definitions/include/nat-address-port.xml.i
@@ -25,7 +25,14 @@
<format>!ipv4range</format>
<description>Match everything except the specified range</description>
</valueHelp>
- <!-- TODO: add general iptables constraint script -->
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv4-range"/>
+ <validator name="ipv4-address-exclude"/>
+ <validator name="ipv4-prefix-exclude"/>
+ <validator name="ipv4-range-exclude"/>
+ </constraint>
</properties>
</leafNode>
<leafNode name="port">
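Review bot: The new `<constraint>` has no `<constraintErrorMessage>` beside it in the visible lines, so a rejected address would probably surface only a generic validation error to the operator. Consider adding one after `</constraint>`, for example `<constraintErrorMessage>Must be an IPv4 address, prefix or range, optionally prefixed with "!"</constraintErrorMessage>`. The leafNode begins above the hunk, so a message may already be defined there.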
diff --git a/src/validators/ipv4-address-exclude b/src/validators/ipv4-address-exclude
new file mode 100755
index 000000000..80ad17d45
--- /dev/null
+++ b/src/validators/ipv4-address-exclude
@@ -0,0 +1,7 @@
+#!/bin/sh
+arg="$1"
+if [ "${arg:0:1}" != "!" ]; then
+ exit 1
+fi
+path=$(dirname "$0")
+${path}/ipv4-address "${arg:1}"
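Review bot: `${arg:0:1}` and `${arg:1}` are bash substring expansions, but the shebang is `#!/bin/sh`. Where /bin/sh is dash or another strict POSIX shell, the expansion fails with "Bad substitution" and the validator exits non-zero for every input, so no `!address` value could pass. Either change the shebang to `#!/bin/bash` or use POSIX forms: `case "$arg" in '!'*) ;; *) exit 1 ;; esac` for the check and `"${arg#?}"` for the remainder. The helper path on the last line should also be quoted, `"${path}/ipv4-address" "${arg#?}"`, so that an install path containing spaces does not split. The same points apply to the identical scripts ipv4-prefix-exclude and ipv4-range-exclude.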
diff --git a/src/validators/ipv4-prefix-exclude b/src/validators/ipv4-prefix-exclude
new file mode 100755
index 000000000..4f7de400a
--- /dev/null
+++ b/src/validators/ipv4-prefix-exclude
@@ -0,0 +1,7 @@
+#!/bin/sh
+arg="$1"
+if [ "${arg:0:1}" != "!" ]; then
+ exit 1
+fi
+path=$(dirname "$0")
+${path}/ipv4-prefix "${arg:1}"
diff --git a/src/validators/ipv4-range b/src/validators/ipv4-range
index 0d707d6c5..ae3f3f163 100755
--- a/src/validators/ipv4-range
+++ b/src/validators/ipv4-range
@@ -7,24 +7,27 @@ ip2dec () {
printf '%d\n' "$((a * 256 ** 3 + b * 256 ** 2 + c * 256 + d))"
}
-# This only works with real bash (<<<) - split IP addresses into array with
-# hyphen as delimiter
-readarray -d - -t strarr <<< $1
+# Only run this if there is a hypen present in $1
+if [[ "$1" =~ "-" ]]; then
+ # This only works with real bash (<<<) - split IP addresses into array with
+ # hyphen as delimiter
+ readarray -d - -t strarr <<< $1
-ipaddrcheck --is-ipv4-single ${strarr[0]}
-if [ $? -gt 0 ]; then
- exit 1
-fi
+ ipaddrcheck --is-ipv4-single ${strarr[0]}
+ if [ $? -gt 0 ]; then
+ exit 1
+ fi
-ipaddrcheck --is-ipv4-single ${strarr[1]}
-if [ $? -gt 0 ]; then
- exit 1
-fi
+ ipaddrcheck --is-ipv4-single ${strarr[1]}
+ if [ $? -gt 0 ]; then
+ exit 1
+ fi
-start=$(ip2dec ${strarr[0]})
-stop=$(ip2dec ${strarr[1]})
-if [ $start -ge $stop ]; then
- exit 1
+ start=$(ip2dec ${strarr[0]})
+ stop=$(ip2dec ${strarr[1]})
+ if [ $start -ge $stop ]; then
+ exit 1
+ fi
fi
exit 0
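Review bot: With every check now inside `if [[ "$1" =~ "-" ]]`, an argument that contains no hyphen skips them all and reaches `exit 0`, so arbitrary text (or an empty argument) is reported as a valid range. If the validators in a `<constraint>` are treated as alternatives, the NAT address constraint then accepts any hyphen-free string, and ipv4-range-exclude inherits the same gap for `!anything`. Add an `else` branch with `exit 1` before the closing `fi`, or invert the guard: `if [[ "$1" != *-* ]]; then exit 1; fi`. Input with more than one hyphen also leaves the extra `strarr` fields unchecked; rejecting when `${#strarr[@]}` is not 2 would close that. The start of the script, including the shebang and the head of `ip2dec`, is outside the hunk.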
diff --git a/src/validators/ipv4-range-exclude b/src/validators/ipv4-range-exclude
new file mode 100755
index 000000000..3787b4dec
--- /dev/null
+++ b/src/validators/ipv4-range-exclude
@@ -0,0 +1,7 @@
+#!/bin/sh
+arg="$1"
+if [ "${arg:0:1}" != "!" ]; then
+ exit 1
+fi
+path=$(dirname "$0")
+${path}/ipv4-range "${arg:1}"