firewall: make invalid redirects and duplicate zones non-fatal, print a notice and discard them

SVN-Revision: 23080
Jo-Philipp Wich 2010-09-16 11:47:35 +00:00
parent 4df10391ba
commit f90328f26e
4 changed files with 12 additions and 10 deletions


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall PKG_NAME:=firewall
PKG_VERSION:=2 PKG_VERSION:=2
PKG_RELEASE:=15 PKG_RELEASE:=16
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk


@ -107,10 +107,8 @@ fw_die() {
fw_log() { fw_log() {
local level="$1" local level="$1"
[ -n "$2" ] || { [ -n "$2" ] && shift || level=notice
shift [ "$level" != error ] || echo "Error: $@" >&2
level=notice
}
logger -t firewall -p user.$level "$@" logger -t firewall -p user.$level "$@"
} }
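Review bot: In the added `echo "Error: $@" >&2` line, `$@` inside a longer quoted string expands to several words when fw_log is called with more than one message argument; `echo "Error: $*" >&2` states the intent and keeps the prefix attached to the whole message. The messages passed by the new callers embed config-supplied names (`${zone_name}`, `${redirect_name}`), so the same text now reaches both stderr and syslog; quoting the priority as `-p "user.$level"` on the `logger` line would keep an odd level value from word-splitting. A short header comment would also help, for example `# fw_log [level] message...: level defaults to notice when only one argument is given; level "error" is also echoed to stderr`.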


@ -42,7 +42,7 @@ fw_load_defaults() {
boolean disable_ipv6 0 \ boolean disable_ipv6 0 \
} || return } || return
[ -n "$FW_DEFAULTS_APPLIED" ] && { [ -n "$FW_DEFAULTS_APPLIED" ] && {
echo "Error: multiple defaults sections detected" fw_log error "duplicate defaults section detected, skipping"
return 1 return 1
} }
FW_DEFAULTS_APPLIED=1 FW_DEFAULTS_APPLIED=1
@ -159,7 +159,8 @@ fw_load_zone() {
fw_config_get_zone "$1" fw_config_get_zone "$1"
list_contains FW_ZONES $zone_name && { list_contains FW_ZONES $zone_name && {
fw_die "zone ${zone_name}: duplicated zone" fw_log error "zone ${zone_name}: duplicated zone, skipping"
return 0
} }
append FW_ZONES $zone_name append FW_ZONES $zone_name
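Review bot: The duplicate-zone branch in fw_load_zone now returns 0 after logging, so the caller cannot tell a skipped section from a loaded one, and the firewall comes up with whichever definition appeared first. If the discarded duplicate was the stricter of the two, the running policy differs from what the config file reads, and the only trace is one syslog/stderr line. fw_load_defaults returns 1 for the same kind of condition in the hunk above; the two should agree, and a comment such as `# duplicate zone: first definition wins, later sections are ignored` above the `return 0` would record the choice. The same log-then-`return 0` pattern is added three times in fw_load_redirect, where a skipped DNAT or SNAT entry is likewise reported as success. Both functions continue outside the hunks shown, so how their callers use the return status is not visible here.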


@ -30,7 +30,8 @@ fw_load_redirect() {
local fwdchain natchain natopt nataddr natports srcdaddr srcdports local fwdchain natchain natopt nataddr natports srcdaddr srcdports
if [ "$redirect_target" == "DNAT" ]; then if [ "$redirect_target" == "DNAT" ]; then
[ -n "$redirect_src" -a -n "$redirect_dest_ip$redirect_dest_port" ] || { [ -n "$redirect_src" -a -n "$redirect_dest_ip$redirect_dest_port" ] || {
fw_die "DNAT redirect ${redirect_name}: needs src and dest_ip or dest_port" fw_log error "DNAT redirect ${redirect_name}: needs src and dest_ip or dest_port, skipping"
return 0
} }
fwdchain="zone_${redirect_src}_forward" fwdchain="zone_${redirect_src}_forward"
@ -48,7 +49,8 @@ fw_load_redirect() {
elif [ "$redirect_target" == "SNAT" ]; then elif [ "$redirect_target" == "SNAT" ]; then
[ -n "$redirect_dest" -a -n "$redirect_src_dip" ] || { [ -n "$redirect_dest" -a -n "$redirect_src_dip" ] || {
fw_die "SNAT redirect ${redirect_name}: needs dest and src_dip" fw_log error "SNAT redirect ${redirect_name}: needs dest and src_dip, skipping"
return 0
} }
fwdchain="${redirect_src:+zone_${redirect_src}_forward}" fwdchain="${redirect_src:+zone_${redirect_src}_forward}"
@ -65,7 +67,8 @@ fw_load_redirect() {
append FW_CONNTRACK_ZONES $redirect_dest append FW_CONNTRACK_ZONES $redirect_dest
else else
fw_die "redirect ${redirect_name}: target must be either DNAT or SNAT" fw_log error "redirect ${redirect_name}: target must be either DNAT or SNAT, skipping"
return 0
fi fi
local mode local mode