[packages/firewall-init-ipchains.git] / firewall-init-syntax_verify.patch

--- firewall-init-2.1/firewall.init.orig	Mon Nov 11 10:48:08 2002
+++ firewall-init-2.1/firewall.init	Mon Mar 29 09:16:27 2004
@@ -23,6 +23,12 @@
 
 [ -f /sbin/ipchains ] || exit 0
 
+syntax_error ()
+{
+	echo $2: "$(nls "$1")"
+	echo "$3"
+}
+
 ipv4_forward_set ()
 {
 	# Turn IP forwarding on or off. We do this before bringing up the
@@ -97,48 +103,150 @@
 	for CHAIN in ${FILES}; do
 	    if [ -s ${CHAIN} ]; then
 		grep -v '^#' ${CHAIN} | grep -v '^$' | \
-		while read POLICY PROTO SADDR SPORT DADDR DPORT IFACE OPTIONS ; do
+		while read LINE; do
+		#POLICY PROTO SADDR SPORT DADDR DPORT IFACE OPTIONS
+		    LINE2=`echo $LINE`
+		    POLICY=${LINE2%% *}
+		    LINE2=${LINE2#$POLICY}; LINE2=${LINE2# }
 		    case "${POLICY}" in
-		     [Nn][Oo][Nn][Ee])
+		      [Nn][Oo][Nn][Ee])
 			    POLICY=''
 			    ;;
-		     *)
+		      *)
 		     	    POLICY="-j ${POLICY}"
 			    ;;
 		    esac
+		    PROTO=${LINE2%% *}
+		    LINE2=${LINE2#$PROTO}; LINE2=${LINE2# }
+		    case "${PROTO}" in
+		      [Aa][Nn][Yy])
+			    PROTO=''
+			    ;;
+		      !)
+			    PROTO2=${LINE2%% *}
+			    LINE2=${LINE2#$PROTO2}; LINE2=${LINE2# }
+			    PROTO="-p ! ${PROTO2}"
+			    ;;
+		      *)
+			    PROTO="-p ${PROTO}"
+		    esac
+		    SADDR=${LINE2%% *}
+		    LINE2=${LINE2#$SADDR}; LINE2=${LINE2# }
+		    case "${SADDR}" in
+		      !)
+			    SADDR2=${LINE2%% *}
+			    LINE2=${LINE2#$SADDR2}; LINE2=${LINE2# }
+			    SADDR="! ${SADDR2}"
+			    ;;
+		    esac
+		    SPORT=${LINE2%% *}
+		    LINE2=${LINE2#$SPORT}; LINE2=${LINE2# }
+		    DADDR=''
 		    case "${SPORT}" in
 		      0:65535|[Aa][Nn][Yy])
 			    SPORT=''
 			    ;;
+		      */*|*.*.*.*)
+			    DADDR="${SPORT}"
+			    SPORT=''
+			    ;;
+		      !)
+			    SPORT2=${LINE2%% *}
+			    LINE2=${LINE2#$SPORT2}; LINE2=${LINE2# }
+			    case "${SPORT2}" in
+			      */*|*.*.*.*)
+				    DADDR="! ${SPORT2}"
+				    SPORT=''
+				    ;;
+			      *)
+				    if [ -z "$PROTO" ]; then
+					syntax_error "Source port is illegal in line:" "$CHAIN" "$LINE"
+				    else
+					SPORT="! ${SPORT2}"
+				    fi
+			    esac
+			    ;;
+		      *)
+			    if [ -z "$PROTO" ]; then
+				syntax_error "Source port is illegal in line:" "$CHAIN" "$LINE"
+			    fi
+		    esac
+		    if [ -z "${DADDR}" ]; then
+			DADDR=${LINE2%% *}
+			LINE2=${LINE2#$DADDR}; LINE2=${LINE2# }
+		    fi
+		    case "${DADDR}" in
+		      !)
+			    DADDR2=${LINE2%% *}
+			    LINE2=${LINE2#$DADDR2}; LINE2=${LINE2# }
+			    DADDR="! ${DADDR2}"
+			    ;;
 		    esac
+		    DPORT=${LINE2%% *}
+		    LINE2=${LINE2#$DPORT}; LINE2=${LINE2# }
+		    IFACE=''
 		    case "${DPORT}" in
 		      0:65535|[Aa][Nn][Yy])
 			    DPORT=''
 			    ;;
+		      eth[+0-9]*|lo|ppp[+0-9]*|tunl[+0-9]*)
+			    IFACE="${DPORT}"
+			    DPORT=''
+			    ;;
+		      !)
+			    DPORT2=${LINE2%% *}
+			    LINE2=${LINE2#$DPORT2}; LINE2=${LINE2# }
+			    case "${DPORT2}" in
+			      eth[+0-9]*|lo|ppp[+0-9]*|tunl[+0-9]*)
+				    IFACE="! ${DPORT2}"
+				    DPORT=''
+				    ;;
+			      *)
+				    if [ -z "$PROTO" ]; then
+					syntax_error "Destination port is illegal in line:" "$CHAIN" "$LINE"
+				    else
+					DPORT="! ${DPORT2}"
+				    fi
+			    esac
+			    ;;
+		      *)
+			    if [ -z "$PROTO" ]; then
+				syntax_error "Destination port is illegal in line:" "$CHAIN" "$LINE"
+			    fi
 		    esac
+		    if [ -z "${IFACE}" ]; then
+			IFACE=${LINE2%% *}
+			LINE2=${LINE2#$IFACE}; LINE2=${LINE2# }
+		    fi
 		    case "${IFACE}" in
 		      [Aa][Nn][Yy])
 			    IFACE=''
 			    ;;
+		      !)
+			    IFACE2=${LINE2%% *}
+			    LINE2=${LINE2#$IFACE2}; LINE2=${LINE2# }
+			    IFACE="-i ! ${IFACE2}"
+			    ;;
 		      *)
 			    IFACE="-i ${IFACE}"
 			    ;;
 		    esac
-		    /sbin/ipchains -A ${CHAIN} -p ${PROTO} ${IFACE} \
+		    OPTIONS=$LINE2
+		    /sbin/ipchains -A ${CHAIN} ${PROTO} ${IFACE} \
 		    		-s ${SADDR} ${SPORT} -d ${DADDR} ${DPORT} ${POLICY} ${OPTIONS} 2>> /tmp/.firewall
 		done
 	    fi
 	done
 	
 	for MODNAME in ${MASQ_MODS}; do
-		insmod ${MODNAME} > /dev/null 2> /dev/null
+	    insmod ${MODNAME} > /dev/null 2> /dev/null
 	done
 	
 	if [ -s /tmp/.firewall ]; then
 	    grep -v '^Try' < /tmp/.firewall | logger -t 'firewall' -p user.notice
 	    deltext
 	    fail
-	    echo 'PROBLEMS SETTING UP FIREWALL.  CHECK /var/log/messages!'
+	    echo $(nls 'PROBLEMS SETTING UP FIREWALL.  CHECK /var/log/messages!')
 	else
 	    deltext
 	    ok
@@ -155,7 +263,7 @@
 	/sbin/ipchains -X
 
 	for MODNAME in ${MASQ_MODS}; do
-		rmmod ${MODNAME} > /dev/null 2> /dev/null
+	    rmmod ${MODNAME} > /dev/null 2> /dev/null
 	done
 
 	deltext
Commit	Line	Data
5c831dc9	1	--- firewall-init-2.1/firewall.init.orig Mon Nov 11 10:48:08 2002
	2	+++ firewall-init-2.1/firewall.init Mon Mar 29 09:16:27 2004
	3	@@ -23,6 +23,12 @@
	4
	5	[ -f /sbin/ipchains ] \|\| exit 0
	6
	7	+syntax_error ()
	8	+{
	9	+ echo $2: "$(nls "$1")"
	10	+ echo "$3"
	11	+}
	12	+
	13	ipv4_forward_set ()
	14	{
	15	# Turn IP forwarding on or off. We do this before bringing up the
	16	@@ -97,48 +103,150 @@
	17	for CHAIN in ${FILES}; do
	18	if [ -s ${CHAIN} ]; then
	19	grep -v '^#' ${CHAIN} \| grep -v '^$' \| \
	20	- while read POLICY PROTO SADDR SPORT DADDR DPORT IFACE OPTIONS ; do
	21	+ while read LINE; do
	22	+ #POLICY PROTO SADDR SPORT DADDR DPORT IFACE OPTIONS
	23	+ LINE2=`echo $LINE`
	24	+ POLICY=${LINE2%% *}
	25	+ LINE2=${LINE2#$POLICY}; LINE2=${LINE2# }
	26	case "${POLICY}" in
	27	- [Nn][Oo][Nn][Ee])
	28	+ [Nn][Oo][Nn][Ee])
	29	POLICY=''
	30	;;
	31	- *)
	32	+ *)
	33	POLICY="-j ${POLICY}"
	34	;;
	35	esac
	36	+ PROTO=${LINE2%% *}
	37	+ LINE2=${LINE2#$PROTO}; LINE2=${LINE2# }
	38	+ case "${PROTO}" in
	39	+ [Aa][Nn][Yy])
	40	+ PROTO=''
	41	+ ;;
	42	+ !)
	43	+ PROTO2=${LINE2%% *}
	44	+ LINE2=${LINE2#$PROTO2}; LINE2=${LINE2# }
	45	+ PROTO="-p ! ${PROTO2}"
	46	+ ;;
	47	+ *)
	48	+ PROTO="-p ${PROTO}"
	49	+ esac
	50	+ SADDR=${LINE2%% *}
	51	+ LINE2=${LINE2#$SADDR}; LINE2=${LINE2# }
	52	+ case "${SADDR}" in
	53	+ !)
	54	+ SADDR2=${LINE2%% *}
	55	+ LINE2=${LINE2#$SADDR2}; LINE2=${LINE2# }
	56	+ SADDR="! ${SADDR2}"
	57	+ ;;
	58	+ esac
	59	+ SPORT=${LINE2%% *}
	60	+ LINE2=${LINE2#$SPORT}; LINE2=${LINE2# }
	61	+ DADDR=''
	62	case "${SPORT}" in
	63	0:65535\|[Aa][Nn][Yy])
	64	SPORT=''
65	;;
66	+ /\|...)
67	+ DADDR="${SPORT}"
68	+ SPORT=''
69	+ ;;
70	+ !)
71	+ SPORT2=${LINE2%% *}
72	+ LINE2=${LINE2#$SPORT2}; LINE2=${LINE2# }
73	+ case "${SPORT2}" in
74	+ /\|...)
75	+ DADDR="! ${SPORT2}"
76	+ SPORT=''
77	+ ;;
78	+ *)
79	+ if [ -z "$PROTO" ]; then
80	+ syntax_error "Source port is illegal in line:" "$CHAIN" "$LINE"
81	+ else
82	+ SPORT="! ${SPORT2}"
83	+ fi
84	+ esac
85	+ ;;
86	+ *)
87	+ if [ -z "$PROTO" ]; then
88	+ syntax_error "Source port is illegal in line:" "$CHAIN" "$LINE"
89	+ fi
90	+ esac
91	+ if [ -z "${DADDR}" ]; then
92	+ DADDR=${LINE2%% *}
93	+ LINE2=${LINE2#$DADDR}; LINE2=${LINE2# }
94	+ fi
95	+ case "${DADDR}" in
96	+ !)
97	+ DADDR2=${LINE2%% *}
98	+ LINE2=${LINE2#$DADDR2}; LINE2=${LINE2# }
99	+ DADDR="! ${DADDR2}"
100	+ ;;
101	esac
102	+ DPORT=${LINE2%% *}
103	+ LINE2=${LINE2#$DPORT}; LINE2=${LINE2# }
104	+ IFACE=''
105	case "${DPORT}" in
106	0:65535\|[Aa][Nn][Yy])
107	DPORT=''
108	;;
109	+ eth[+0-9]\|lo\|ppp[+0-9]\|tunl[+0-9]*)
110	+ IFACE="${DPORT}"
111	+ DPORT=''
112	+ ;;
113	+ !)
114	+ DPORT2=${LINE2%% *}
115	+ LINE2=${LINE2#$DPORT2}; LINE2=${LINE2# }
116	+ case "${DPORT2}" in
117	+ eth[+0-9]\|lo\|ppp[+0-9]\|tunl[+0-9]*)
118	+ IFACE="! ${DPORT2}"
119	+ DPORT=''
120	+ ;;
121	+ *)
122	+ if [ -z "$PROTO" ]; then
123	+ syntax_error "Destination port is illegal in line:" "$CHAIN" "$LINE"
124	+ else
125	+ DPORT="! ${DPORT2}"
126	+ fi
127	+ esac
128	+ ;;
129	+ *)
130	+ if [ -z "$PROTO" ]; then
131	+ syntax_error "Destination port is illegal in line:" "$CHAIN" "$LINE"
132	+ fi
133	esac
134	+ if [ -z "${IFACE}" ]; then
135	+ IFACE=${LINE2%% *}
136	+ LINE2=${LINE2#$IFACE}; LINE2=${LINE2# }
137	+ fi
138	case "${IFACE}" in
139	[Aa][Nn][Yy])
140	IFACE=''
141	;;
142	+ !)
143	+ IFACE2=${LINE2%% *}
144	+ LINE2=${LINE2#$IFACE2}; LINE2=${LINE2# }
145	+ IFACE="-i ! ${IFACE2}"
146	+ ;;
147	*)
148	IFACE="-i ${IFACE}"
149	;;
150	esac
151	- /sbin/ipchains -A ${CHAIN} -p ${PROTO} ${IFACE} \
152	+ OPTIONS=$LINE2
153	+ /sbin/ipchains -A ${CHAIN} ${PROTO} ${IFACE} \
154	-s ${SADDR} ${SPORT} -d ${DADDR} ${DPORT} ${POLICY} ${OPTIONS} 2>> /tmp/.firewall
155	done
156	fi
157	done
158
159	for MODNAME in ${MASQ_MODS}; do
160	- insmod ${MODNAME} > /dev/null 2> /dev/null
161	+ insmod ${MODNAME} > /dev/null 2> /dev/null
162	done
163
164	if [ -s /tmp/.firewall ]; then
165	grep -v '^Try' < /tmp/.firewall \| logger -t 'firewall' -p user.notice
166	deltext
167	fail
168	- echo 'PROBLEMS SETTING UP FIREWALL. CHECK /var/log/messages!'
169	+ echo $(nls 'PROBLEMS SETTING UP FIREWALL. CHECK /var/log/messages!')
170	else
171	deltext
172	ok
173	@@ -155,7 +263,7 @@
174	/sbin/ipchains -X
175
176	for MODNAME in ${MASQ_MODS}; do
177	- rmmod ${MODNAME} > /dev/null 2> /dev/null
178	+ rmmod ${MODNAME} > /dev/null 2> /dev/null
179	done
180
181	deltext