From c7ac1b5b0cda5c37fae6a653d815932db4d6e311 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Thu, 27 Oct 2011 18:14:55 +0000
Subject: [PATCH] firewall: do not produce 0.0.0.0/0 if a symbolic masq_src or
masq_dest is given but does not resolve to an ip
SVN-Revision: 28628
---
package/firewall/Makefile | 2 +-
package/firewall/files/lib/core_init.sh | 4 ++--
package/firewall/files/lib/fw.sh | 5 ++++-
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 637d0ecccb..57a6e016ab 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2
-PKG_RELEASE:=39
+PKG_RELEASE:=40
include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh
index f2cde1c470..a0b095865e 100644
--- a/package/firewall/files/lib/core_init.sh
+++ b/package/firewall/files/lib/core_init.sh
@@ -247,13 +247,13 @@ fw_load_zone() {
for msrc in ${zone_masq_src:-0.0.0.0/0}; do
case "$msrc" in
*.*) fw_get_negation msrc '-s' "$msrc" ;;
- *) fw_get_subnet4 msrc '-s' "$msrc" ;;
+ *) fw_get_subnet4 msrc '-s' "$msrc" || break ;;
esac
for mdst in ${zone_masq_dest:-0.0.0.0/0}; do
case "$mdst" in
*.*) fw_get_negation mdst '-d' "$mdst" ;;
- *) fw_get_subnet4 mdst '-d' "$mdst" ;;
+ *) fw_get_subnet4 mdst '-d' "$mdst" || break ;;
esac
fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst }
diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index 7922d222f8..0814ffc315 100644
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -255,9 +255,12 @@ fw_get_subnet4() {
[ "${_name#!}" != "$_name" ] && \
export -n -- "$_var=! $_flag $_ipaddr/${_netmask:-255.255.255.255}" || \
export -n -- "$_var=$_flag $_ipaddr/${_netmask:-255.255.255.255}"
+ return 0
;;
- *) export -n -- "$_var=" ;;
esac
+
+ export -n -- "$_var="
+ return 1
}
fw_check_icmptype4() {
--
GitLab