summaryrefslogtreecommitdiffstats
path: root/package/firewall
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2010-09-16 11:47:35 +0000
committerJo-Philipp Wich <jow@openwrt.org>2010-09-16 11:47:35 +0000
commitf90328f26ef73fc5a0c2d9a751936e9af060ccba (patch)
tree8b43a2a7814861c1265ad9747419d8ad19be6c9f /package/firewall
parent4df10391ba87d347aebbcd20e1ab475690f07f80 (diff)
downloadmaster-31e0f0ae-f90328f26ef73fc5a0c2d9a751936e9af060ccba.tar.gz
master-31e0f0ae-f90328f26ef73fc5a0c2d9a751936e9af060ccba.tar.bz2
master-31e0f0ae-f90328f26ef73fc5a0c2d9a751936e9af060ccba.zip
firewall: make invalid redirects and duplicate zones non-fatal, print a notice and discard them
SVN-Revision: 23080
Diffstat (limited to 'package/firewall')
-rw-r--r--package/firewall/Makefile2
-rw-r--r--package/firewall/files/lib/core.sh6
-rw-r--r--package/firewall/files/lib/core_init.sh5
-rw-r--r--package/firewall/files/lib/core_redirect.sh9
4 files changed, 12 insertions, 10 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 8cf22e8348..93e41bf58f 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2
-PKG_RELEASE:=15
+PKG_RELEASE:=16
include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
index c350e8f0f6..c383597810 100644
--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -107,10 +107,8 @@ fw_die() {
fw_log() {
local level="$1"
- [ -n "$2" ] || {
- shift
- level=notice
- }
+ [ -n "$2" ] && shift || level=notice
+ [ "$level" != error ] || echo "Error: $@" >&2
logger -t firewall -p user.$level "$@"
}
diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh
index e1f80ba3fc..56e19b7b86 100644
--- a/package/firewall/files/lib/core_init.sh
+++ b/package/firewall/files/lib/core_init.sh
@@ -42,7 +42,7 @@ fw_load_defaults() {
boolean disable_ipv6 0 \
} || return
[ -n "$FW_DEFAULTS_APPLIED" ] && {
- echo "Error: multiple defaults sections detected"
+ fw_log error "duplicate defaults section detected, skipping"
return 1
}
FW_DEFAULTS_APPLIED=1
@@ -159,7 +159,8 @@ fw_load_zone() {
fw_config_get_zone "$1"
list_contains FW_ZONES $zone_name && {
- fw_die "zone ${zone_name}: duplicated zone"
+ fw_log error "zone ${zone_name}: duplicated zone, skipping"
+ return 0
}
append FW_ZONES $zone_name
diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh
index 72364a99e9..3a37bb7ee6 100644
--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
@@ -30,7 +30,8 @@ fw_load_redirect() {
local fwdchain natchain natopt nataddr natports srcdaddr srcdports
if [ "$redirect_target" == "DNAT" ]; then
[ -n "$redirect_src" -a -n "$redirect_dest_ip$redirect_dest_port" ] || {
- fw_die "DNAT redirect ${redirect_name}: needs src and dest_ip or dest_port"
+ fw_log error "DNAT redirect ${redirect_name}: needs src and dest_ip or dest_port, skipping"
+ return 0
}
fwdchain="zone_${redirect_src}_forward"
@@ -48,7 +49,8 @@ fw_load_redirect() {
elif [ "$redirect_target" == "SNAT" ]; then
[ -n "$redirect_dest" -a -n "$redirect_src_dip" ] || {
- fw_die "SNAT redirect ${redirect_name}: needs dest and src_dip"
+ fw_log error "SNAT redirect ${redirect_name}: needs dest and src_dip, skipping"
+ return 0
}
fwdchain="${redirect_src:+zone_${redirect_src}_forward}"
@@ -65,7 +67,8 @@ fw_load_redirect() {
append FW_CONNTRACK_ZONES $redirect_dest
else
- fw_die "redirect ${redirect_name}: target must be either DNAT or SNAT"
+ fw_log error "redirect ${redirect_name}: target must be either DNAT or SNAT, skipping"
+ return 0
fi
local mode