From f90328f26ef73fc5a0c2d9a751936e9af060ccba Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Thu, 16 Sep 2010 11:47:35 +0000
Subject: [PATCH] firewall: make invalid redirects and duplicate zones non-fatal, print a notice and discard them
SVN-Revision: 23080
---
 package/firewall/Makefile | 2 +-
 package/firewall/files/lib/core.sh | 6 ++----
 package/firewall/files/lib/core_init.sh | 5 +++--
 package/firewall/files/lib/core_redirect.sh | 9 ++++++---
 4 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 8cf22e83489..93e41bf58f1 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 PKG_VERSION:=2
-PKG_RELEASE:=15
+PKG_RELEASE:=16
 include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
index c350e8f0f61..c383597810e 100644
--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -107,10 +107,8 @@ fw_die() {
 fw_log() {
 local level="$1"
- [ -n "$2" ] || {
- shift
- level=notice
- }
+ [ -n "$2" ] && shift || level=notice
+ [ "$level" != error ] || echo "Error: $@" >&2
 logger -t firewall -p user.$level "$@"
 }
diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh
index e1f80ba3fca..56e19b7b86e 100644
--- a/package/firewall/files/lib/core_init.sh
+++ b/package/firewall/files/lib/core_init.sh
@@ -42,7 +42,7 @@ fw_load_defaults() {
 boolean disable_ipv6 0 \
 } || return
 [ -n "$FW_DEFAULTS_APPLIED" ] && {
- echo "Error: multiple defaults sections detected"
+ fw_log error "duplicate defaults section detected, skipping"
 return 1
 }
 FW_DEFAULTS_APPLIED=1
@@ -159,7 +159,8 @@ fw_load_zone() {
 fw_config_get_zone "$1"
 list_contains FW_ZONES $zone_name && {
- fw_die "zone ${zone_name}: duplicated zone"
+ fw_log error "zone ${zone_name}: duplicated zone, skipping"
+ return 0
 }
 append FW_ZONES $zone_name
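Review bot: In fw_log (core.sh hunk), the new stderr line `echo "Error: $@" >&2` embeds `$@` in a larger string and passes message text containing config-derived names (callers pass `${zone_name}` and `${redirect_name}`) to `echo`, whose backslash handling differs between shells. `[ "$level" != error ] || printf 'Error: %s\n' "$*" >&2` prints the same text without interpreting it. On the line before, `[ -n "$2" ] && shift || level=notice` treats `fw_log error ""` as a one-argument call and logs the word "error" at notice level; testing `[ $# -ge 2 ]` instead would separate "no level given" from "empty message". A short comment above the function stating that a single argument is logged at notice would document the default, and the unchanged `-p user.$level` is safer quoted as `-p "user.$level"`.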
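Review bot: In fw_load_zone (second hunk of core_init.sh), `return 0` after the duplicate-zone message makes a discarded section indistinguishable from a loaded one, so the firewall can finish loading with a success status while applying a ruleset that differs from the configuration file. The definition that stays in effect is presumably the first one seen; if the discarded section carried the stricter policy, the effective policy is looser than the file suggests, and the only trace is one syslog line. Consider saying so in the message, e.g. `fw_log error "zone ${zone_name}: duplicated zone, keeping first definition and skipping this one"`, and recording that a section was discarded so the caller can report it once loading ends. The same `fw_log error …; return 0` pattern appears in all three hunks of core_redirect.sh, while the duplicate-defaults branch in the first hunk of this file still returns 1; whether callers act on either status is not visible here. The function body continues outside the hunk.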
diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh
index 72364a99e95..3a37bb7ee6f 100644
--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
@@ -30,7 +30,8 @@ fw_load_redirect() {
 local fwdchain natchain natopt nataddr natports srcdaddr srcdports
 if [ "$redirect_target" == "DNAT" ]; then
 [ -n "$redirect_src" -a -n "$redirect_dest_ip$redirect_dest_port" ] || {
- fw_die "DNAT redirect ${redirect_name}: needs src and dest_ip or dest_port"
+ fw_log error "DNAT redirect ${redirect_name}: needs src and dest_ip or dest_port, skipping"
+ return 0
 }
 fwdchain="zone_${redirect_src}_forward"
@@ -48,7 +49,8 @@ fw_load_redirect() {
 elif [ "$redirect_target" == "SNAT" ]; then
 [ -n "$redirect_dest" -a -n "$redirect_src_dip" ] || {
- fw_die "SNAT redirect ${redirect_name}: needs dest and src_dip"
+ fw_log error "SNAT redirect ${redirect_name}: needs dest and src_dip, skipping"
+ return 0
 }
 fwdchain="${redirect_src:+zone_${redirect_src}_forward}"
@@ -65,7 +67,8 @@ fw_load_redirect() {
 append FW_CONNTRACK_ZONES $redirect_dest
 else
- fw_die "redirect ${redirect_name}: target must be either DNAT or SNAT"
+ fw_log error "redirect ${redirect_name}: target must be either DNAT or SNAT, skipping"
+ return 0
 fi
 local mode
-- 
2.30.2
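Review bot: In the final `else` branch of fw_load_redirect (third hunk of core_redirect.sh), the new message does not say which target value was rejected, so an administrator reading syslog cannot tell a typo from a missing option. The visible comparisons are case-sensitive string matches on `$redirect_target`, so unless the value is normalised outside the hunks, a lowercase target would land in this branch. Including the value makes the cause obvious: `fw_log error "redirect ${redirect_name}: target '${redirect_target}' must be either DNAT or SNAT, skipping"`. The function starts and ends outside these hunks.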