aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2011-10-22 20:11:25 +0000
committerJo-Philipp Wich <jow@openwrt.org>2011-10-22 20:11:25 +0000
commit9a61d9e513c5bfeff76bca1cd87a3f8651f4512b (patch)
treef498bd9453ca52147bd6fbdfd1d6d03c564f293d
parente0e73928da09c2fcc075fa1da22179468ef311f2 (diff)
downloadupstream-9a61d9e513c5bfeff76bca1cd87a3f8651f4512b.tar.gz
upstream-9a61d9e513c5bfeff76bca1cd87a3f8651f4512b.tar.bz2
upstream-9a61d9e513c5bfeff76bca1cd87a3f8651f4512b.zip
firewall: fix possible expansion of "*" when rules with "option src *" are processed
SVN-Revision: 28527
-rw-r--r--package/firewall/Makefile2
-rw-r--r--package/firewall/files/lib/fw.sh15
2 files changed, 11 insertions, 6 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 749f04a4b1..b0b946fd07 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2
-PKG_RELEASE:=36
+PKG_RELEASE:=37
include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index bf7156e8ce..a8a7911494 100644
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -211,12 +211,17 @@ fw_get_family_mode() {
local _mode="$4"
local _ipv4 _ipv6
- [ -n "$FW_ZONES4$FW_ZONES6" ] && {
- list_contains FW_ZONES4 $_zone && _ipv4=1 || _ipv4=0
- list_contains FW_ZONES6 $_zone && _ipv6=1 || _ipv6=0
+ [ "$_zone" != "*" ] && {
+ [ -n "$FW_ZONES4$FW_ZONES6" ] && {
+ list_contains FW_ZONES4 "$_zone" && _ipv4=1 || _ipv4=0
+ list_contains FW_ZONES6 "$_zone" && _ipv6=1 || _ipv6=0
+ } || {
+ _ipv4=$(uci_get_state firewall core "${_zone}_ipv4" 0)
+ _ipv6=$(uci_get_state firewall core "${_zone}_ipv6" 0)
+ }
} || {
- _ipv4=$(uci_get_state firewall core ${_zone}_ipv4 0)
- _ipv6=$(uci_get_state firewall core ${_zone}_ipv6 0)
+ _ipv4=1
+ _ipv6=1
}
case "$_hint:$_ipv4:$_ipv6" in