diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2011-10-27 18:14:55 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2011-10-27 18:14:55 +0000 |
commit | c7ac1b5b0cda5c37fae6a653d815932db4d6e311 (patch) | |
tree | c881173661b942f1f58706bd6a1181b7ece9de9e /package/firewall/files | |
parent | 69853cc4e861a6b589577535b1bf4a72fc267ca9 (diff) | |
download | upstream-c7ac1b5b0cda5c37fae6a653d815932db4d6e311.tar.gz upstream-c7ac1b5b0cda5c37fae6a653d815932db4d6e311.tar.bz2 upstream-c7ac1b5b0cda5c37fae6a653d815932db4d6e311.zip |
firewall: do not produce 0.0.0.0/0 if a symbolic masq_src or masq_dest is given but does not resolve to an ip
SVN-Revision: 28628
Diffstat (limited to 'package/firewall/files')
-rw-r--r-- | package/firewall/files/lib/core_init.sh | 4 | ||||
-rw-r--r-- | package/firewall/files/lib/fw.sh | 5 |
2 files changed, 6 insertions, 3 deletions
diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh index f2cde1c470..a0b095865e 100644 --- a/package/firewall/files/lib/core_init.sh +++ b/package/firewall/files/lib/core_init.sh @@ -247,13 +247,13 @@ fw_load_zone() { for msrc in ${zone_masq_src:-0.0.0.0/0}; do case "$msrc" in *.*) fw_get_negation msrc '-s' "$msrc" ;; - *) fw_get_subnet4 msrc '-s' "$msrc" ;; + *) fw_get_subnet4 msrc '-s' "$msrc" || break ;; esac for mdst in ${zone_masq_dest:-0.0.0.0/0}; do case "$mdst" in *.*) fw_get_negation mdst '-d' "$mdst" ;; - *) fw_get_subnet4 mdst '-d' "$mdst" ;; + *) fw_get_subnet4 mdst '-d' "$mdst" || break ;; esac fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst } diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh index 7922d222f8..0814ffc315 100644 --- a/package/firewall/files/lib/fw.sh +++ b/package/firewall/files/lib/fw.sh @@ -255,9 +255,12 @@ fw_get_subnet4() { [ "${_name#!}" != "$_name" ] && \ export -n -- "$_var=! $_flag $_ipaddr/${_netmask:-255.255.255.255}" || \ export -n -- "$_var=$_flag $_ipaddr/${_netmask:-255.255.255.255}" + return 0 ;; - *) export -n -- "$_var=" ;; esac + + export -n -- "$_var=" + return 1 } fw_check_icmptype4() { |