Changeset 23080


Ignore:
Timestamp:
2010-09-16T13:47:35+02:00 (7 years ago)
Author:
jow
Message:

[package] firewall: make invalid redirects and duplicate zones non-fatal, print a notice and discard them

Location:
trunk/package/firewall
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/package/firewall/Makefile

    r23064 r23080  
    1010 
    1111PKG_VERSION:=2 
    12 PKG_RELEASE:=15 
     12PKG_RELEASE:=16 
    1313 
    1414include $(INCLUDE_DIR)/package.mk 
  • trunk/package/firewall/files/lib/core.sh

    r23064 r23080  
    108108fw_log() { 
    109109        local level="$1" 
    110         [ -n "$2" ] || { 
    111                 shift 
    112                 level=notice 
    113         } 
     110        [ -n "$2" ] && shift || level=notice 
     111        [ "$level" != error ] || echo "Error: $@" >&2 
    114112        logger -t firewall -p user.$level "$@" 
    115113} 
  • trunk/package/firewall/files/lib/core_init.sh

    r23024 r23080  
    4343        } || return 
    4444        [ -n "$FW_DEFAULTS_APPLIED" ] && { 
    45                 echo "Error: multiple defaults sections detected" 
     45                fw_log error "duplicate defaults section detected, skipping" 
    4646                return 1 
    4747        } 
     
    160160 
    161161        list_contains FW_ZONES $zone_name && { 
    162                 fw_die "zone ${zone_name}: duplicated zone" 
     162                fw_log error "zone ${zone_name}: duplicated zone, skipping" 
     163                return 0 
    163164        } 
    164165        append FW_ZONES $zone_name 
  • trunk/package/firewall/files/lib/core_redirect.sh

    r23024 r23080  
    3131        if [ "$redirect_target" == "DNAT" ]; then 
    3232                [ -n "$redirect_src" -a -n "$redirect_dest_ip$redirect_dest_port" ] || { 
    33                         fw_die "DNAT redirect ${redirect_name}: needs src and dest_ip or dest_port" 
     33                        fw_log error "DNAT redirect ${redirect_name}: needs src and dest_ip or dest_port, skipping" 
     34                        return 0 
    3435                } 
    3536 
     
    4950        elif [ "$redirect_target" == "SNAT" ]; then 
    5051                [ -n "$redirect_dest" -a -n "$redirect_src_dip" ] || { 
    51                         fw_die "SNAT redirect ${redirect_name}: needs dest and src_dip" 
     52                        fw_log error "SNAT redirect ${redirect_name}: needs dest and src_dip, skipping" 
     53                        return 0 
    5254                } 
    5355 
     
    6668 
    6769        else 
    68                 fw_die "redirect ${redirect_name}: target must be either DNAT or SNAT" 
     70                fw_log error "redirect ${redirect_name}: target must be either DNAT or SNAT, skipping" 
     71                return 0 
    6972        fi 
    7073 
Note: See TracChangeset for help on using the changeset viewer.