From 9beeba732c2669024e76928cff12ef95e4f16c78 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 30 Apr 2022 18:37:24 +0200 Subject: firewall: T1230: fix validator for service alias names (e.g. ssmtp) --- src/validators/port-multi | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) (limited to 'src') diff --git a/src/validators/port-multi b/src/validators/port-multi index cef371563..bd6f0ef60 100755 --- a/src/validators/port-multi +++ b/src/validators/port-multi @@ -1,6 +1,7 @@ #!/usr/bin/python3 -import sys +from sys import argv +from sys import exit import re from vyos.util import read_file @@ -13,12 +14,18 @@ def get_services(): for line in service_data.split("\n"): if not line or line[0] == '#': continue - names.append(line.split(None, 1)[0]) + tmp = line.split() + names.append(tmp[0]) + if len(tmp) > 2: + # Add port aliases to service list, too + names.extend(tmp[2:]) + # remove duplicate entries (e.g. echo) from list + names = list(dict.fromkeys(names)) return names if __name__ == '__main__': - if len(sys.argv)>1: - ports = sys.argv[1].split(",") + if len(argv)>1: + ports = argv[1].split(",") services = get_services() for port in ports: @@ -28,18 +35,18 @@ if __name__ == '__main__': port_1, port_2 = port.split('-') if int(port_1) not in range(1, 65536) or int(port_2) not in range(1, 65536): print(f'Error: {port} is not a valid port range') - sys.exit(1) + exit(1) if int(port_1) > int(port_2): print(f'Error: {port} is not a valid port range') - sys.exit(1) + exit(1) elif port.isnumeric(): if int(port) not in range(1, 65536): print(f'Error: {port} is not a valid port') - sys.exit(1) + exit(1) elif port not in services: print(f'Error: {port} is not a valid service name') - sys.exit(1) + exit(1) else: - sys.exit(2) + exit(2) - sys.exit(0) + exit(0) -- cgit v1.2.3