From cd1d712a7c5ed432b709004e99b7208a1c88728e Mon Sep 17 00:00:00 2001 From: jow Date: Thu, 27 Oct 2011 18:14:55 +0000 Subject: [PATCH] [package] firewall: do not produce 0.0.0.0/0 if a symbolic masq_src or masq_dest is given but does not resolve to an ip git-svn-id: svn://svn.openwrt.org/openwrt/trunk@28628 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/firewall/Makefile | 2 +- package/firewall/files/lib/core_init.sh | 4 ++-- package/firewall/files/lib/fw.sh | 5 ++++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/package/firewall/Makefile b/package/firewall/Makefile index 637d0eccc..57a6e016a 100644 --- a/package/firewall/Makefile +++ b/package/firewall/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall PKG_VERSION:=2 -PKG_RELEASE:=39 +PKG_RELEASE:=40 include $(INCLUDE_DIR)/package.mk diff --git a/package/firewall/files/lib/core_init.sh b/package/firewall/files/lib/core_init.sh index f2cde1c47..a0b095865 100644 --- a/package/firewall/files/lib/core_init.sh +++ b/package/firewall/files/lib/core_init.sh @@ -247,13 +247,13 @@ fw_load_zone() { for msrc in ${zone_masq_src:-0.0.0.0/0}; do case "$msrc" in *.*) fw_get_negation msrc '-s' "$msrc" ;; - *) fw_get_subnet4 msrc '-s' "$msrc" ;; + *) fw_get_subnet4 msrc '-s' "$msrc" || break ;; esac for mdst in ${zone_masq_dest:-0.0.0.0/0}; do case "$mdst" in *.*) fw_get_negation mdst '-d' "$mdst" ;; - *) fw_get_subnet4 mdst '-d' "$mdst" ;; + *) fw_get_subnet4 mdst '-d' "$mdst" || break ;; esac fw add $mode n ${chain}_nat MASQUERADE $ { $msrc $mdst } diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh index 7922d222f..0814ffc31 100644 --- a/package/firewall/files/lib/fw.sh +++ b/package/firewall/files/lib/fw.sh @@ -255,9 +255,12 @@ fw_get_subnet4() { [ "${_name#!}" != "$_name" ] && \ export -n -- "$_var=! $_flag $_ipaddr/${_netmask:-255.255.255.255}" || \ export -n -- "$_var=$_flag $_ipaddr/${_netmask:-255.255.255.255}" + return 0 ;; - *) export -n -- "$_var=" ;; esac + + export -n -- "$_var=" + return 1 } fw_check_icmptype4() {