| Message ID | 20210412060545.10016-1-alexander.marx@ipfire.org |
|---|---|
| State | Accepted |
| Commit | feef6aca68a3b7953c09e3abc9e5a18e9fa3a4eb |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FJdX059f4z44QW for <patchwork@web04.haj.ipfire.org>; Mon, 12 Apr 2021 06:05:52 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FJdX02nhVz6Cb; Mon, 12 Apr 2021 06:05:52 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FJdX0197Hz2yTN; Mon, 12 Apr 2021 06:05:52 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FJdWz3nS1z2xFh for <development@lists.ipfire.org>; Mon, 12 Apr 2021 06:05:51 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FJdWy5wffzmW; Mon, 12 Apr 2021 06:05:50 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1618207550; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8e8bP0GsDNxtr0sZl7CE/LFxsDjtP1iMBM6H1QPDB64=; b=BybvDb558z04Ux2okkQpf49fUanrJuLtgsifKrGo3a/nNfNpyxs93sHTSZ0Az9EO3VGtXJ ywZGMUh7AWzKBoAA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1618207550; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8e8bP0GsDNxtr0sZl7CE/LFxsDjtP1iMBM6H1QPDB64=; b=r8radMJHuMGGrGii3Y3vU8NkeDf5xQLEjgNZtwtMZQS3ILksXtUoSxIo1bKhLgzOwKXCbj umx2pFsMZ/UayNRRgIxroa3vDFFwWenSOKJvVblXYlS7Jbxo7p3iMOdoMANSncMaNAx56s C9FIdgXAjXdNaEqc4CQ63i9bi0kX74PkFcLOwlsjrACAg8WqrgNHQEcOPq7hlLWcDyn/td usonLA4fKnPCW0c1xxSNHZLl2Sm8QYx+/85h/0iJU9B0Ak0Kg3Qqp6QfsfbdEaHeqOptiY jzTIbZThgjr97qHntidnfURJzK2waVh6kuHw/vv8droD8tmR3fa13dQWHGBhjA== From: Alexander Marx <alexander.marx@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] =?utf-8?b?QlVHMTIzMDE6IElwdGFibGVzIOKAnGhvc3QvbmV0d29yayA=?= =?utf-8?b?4oCYbm9uZeKAmSBub3QgZm91bmTigJ0=?= Date: Mon, 12 Apr 2021 08:05:45 +0200 Message-Id: <20210412060545.10016-1-alexander.marx@ipfire.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
BUG12301: Iptables “host/network ‘none’ not found”
|
|
Commit Message
Alexander Marx
April 12, 2021, 6:05 a.m. UTC
Fixes: #12301 When using hosts with MAC-addresses in a hostgroup, the rule won't be generated if those hosts are selected as target. There is a hint but due to a wrong hashparameter the hint was not shown. With this patch the hint is shown again. Additionally the rule is skipped when rules.pl creates rules. There are no bootmessages with failed target "none" anymore. --- config/firewall/firewall-lib.pl | 4 ++-- html/cgi-bin/firewall.cgi | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)
Comments
Hi, > On 12 Apr 2021, at 07:05, Alexander Marx <alexander.marx@ipfire.org> wrote: > > Fixes: #12301 > > When using hosts with MAC-addresses in a hostgroup, > the rule won't be generated if those hosts are selected as target. > There is a hint but due to a wrong hashparameter the hint was not shown. > > With this patch the hint is shown again. > Additionally the rule is skipped when rules.pl creates rules. > > There are no bootmessages with failed target "none" anymore. > --- > config/firewall/firewall-lib.pl | 4 ++-- > html/cgi-bin/firewall.cgi | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl > index bc0b30ca5..e7ec30ae0 100644 > --- a/config/firewall/firewall-lib.pl > +++ b/config/firewall/firewall-lib.pl > @@ -2,7 +2,7 @@ > ############################################################################### > # # > # IPFire.org - A linux based firewall # > -# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> # > +# Copyright (C) 2021 Alexander Marx <amarx@ipfire.org> # > # # > # This program is free software: you can redistribute it and/or modify # > # it under the terms of the GNU General Public License as published by # > @@ -315,7 +315,7 @@ sub get_addresses > foreach my $grp (sort {$a <=> $b} keys %customgrp) { > if ($customgrp{$grp}[0] eq $value) { > my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type); > - > + next if ($address[0][0] eq 'none'); A comment for these rather obscure things would not hurt, but technically I agree with how this is solved. > if (@address) { > push(@addresses, @address); > } > diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi > index 1483e779f..b0851dd3e 100644 > --- a/html/cgi-bin/firewall.cgi > +++ b/html/cgi-bin/firewall.cgi > @@ -592,7 +592,7 @@ sub checktarget > &General::readhasharray("$confighost", \%customhost); > foreach my $grpkey (sort keys %customgrp){ > foreach my $hostkey (sort keys %customhost){ > - if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[2] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){ > + if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[0] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){ What has changed here? > $hint=$Lang::tr{'fwdfw hint mac'}; > return $hint; > } > — > 2.25.1 > Best, -Michael
Hello, > On 12 Apr 2021, at 11:23, Alexander Marx <alexander.marx@ipfire.org> wrote: > > > > Am 12.04.21 um 12:18 schrieb Michael Tremer: >> Hi, >> >>> On 12 Apr 2021, at 07:05, Alexander Marx <alexander.marx@ipfire.org> wrote: >>> >>> Fixes: #12301 >>> >>> When using hosts with MAC-addresses in a hostgroup, >>> the rule won't be generated if those hosts are selected as target. >>> There is a hint but due to a wrong hashparameter the hint was not shown. >>> >>> With this patch the hint is shown again. >>> Additionally the rule is skipped when rules.pl creates rules. >>> >>> There are no bootmessages with failed target "none" anymore. >>> --- >>> config/firewall/firewall-lib.pl | 4 ++-- >>> html/cgi-bin/firewall.cgi | 2 +- >>> 2 files changed, 3 insertions(+), 3 deletions(-) >>> >>> diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl >>> index bc0b30ca5..e7ec30ae0 100644 >>> --- a/config/firewall/firewall-lib.pl >>> +++ b/config/firewall/firewall-lib.pl >>> @@ -2,7 +2,7 @@ >>> ############################################################################### >>> # # >>> # IPFire.org - A linux based firewall # >>> -# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> # >>> +# Copyright (C) 2021 Alexander Marx <amarx@ipfire.org> # >>> # # >>> # This program is free software: you can redistribute it and/or modify # >>> # it under the terms of the GNU General Public License as published by # >>> @@ -315,7 +315,7 @@ sub get_addresses >>> foreach my $grp (sort {$a <=> $b} keys %customgrp) { >>> if ($customgrp{$grp}[0] eq $value) { >>> my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type); >>> - >>> + next if ($address[0][0] eq 'none'); >> A comment for these rather obscure things would not hurt, but technically I agree with how this is solved. >> >> >> >>> if (@address) { >>> push(@addresses, @address); >>> } >>> diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi >>> index 1483e779f..b0851dd3e 100644 >>> --- a/html/cgi-bin/firewall.cgi >>> +++ b/html/cgi-bin/firewall.cgi >>> @@ -592,7 +592,7 @@ sub checktarget >>> &General::readhasharray("$confighost", \%customhost); >>> foreach my $grpkey (sort keys %customgrp){ >>> foreach my $hostkey (sort keys %customhost){ >>> - if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[2] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){ >>> + if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[0] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){ >> What has changed here? > only the hashfield > > $customgrp{$grpkey}[0] (was 2 before) Yes I saw that, but what does that change? -Michael P.S. Do not forget to CC the list > >> >>> $hint=$Lang::tr{'fwdfw hint mac'}; >>> return $hint; >>> } >>> — >>> 2.25.1 >>> >> Best, >> -Michael
Am 12.04.21 um 12:23 schrieb Michael Tremer: > Hello, > >> On 12 Apr 2021, at 11:23, Alexander Marx <alexander.marx@ipfire.org> wrote: >> >> >> >> Am 12.04.21 um 12:18 schrieb Michael Tremer: >>> Hi, >>> >>>> On 12 Apr 2021, at 07:05, Alexander Marx <alexander.marx@ipfire.org> wrote: >>>> >>>> Fixes: #12301 >>>> >>>> When using hosts with MAC-addresses in a hostgroup, >>>> the rule won't be generated if those hosts are selected as target. >>>> There is a hint but due to a wrong hashparameter the hint was not shown. >>>> >>>> With this patch the hint is shown again. >>>> Additionally the rule is skipped when rules.pl creates rules. >>>> >>>> There are no bootmessages with failed target "none" anymore. >>>> --- >>>> config/firewall/firewall-lib.pl | 4 ++-- >>>> html/cgi-bin/firewall.cgi | 2 +- >>>> 2 files changed, 3 insertions(+), 3 deletions(-) >>>> >>>> diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl >>>> index bc0b30ca5..e7ec30ae0 100644 >>>> --- a/config/firewall/firewall-lib.pl >>>> +++ b/config/firewall/firewall-lib.pl >>>> @@ -2,7 +2,7 @@ >>>> ############################################################################### >>>> # # >>>> # IPFire.org - A linux based firewall # >>>> -# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> # >>>> +# Copyright (C) 2021 Alexander Marx <amarx@ipfire.org> # >>>> # # >>>> # This program is free software: you can redistribute it and/or modify # >>>> # it under the terms of the GNU General Public License as published by # >>>> @@ -315,7 +315,7 @@ sub get_addresses >>>> foreach my $grp (sort {$a <=> $b} keys %customgrp) { >>>> if ($customgrp{$grp}[0] eq $value) { >>>> my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type); >>>> - >>>> + next if ($address[0][0] eq 'none'); >>> A comment for these rather obscure things would not hurt, but technically I agree with how this is solved. >>> >>> >>> >>>> if (@address) { >>>> push(@addresses, @address); >>>> } >>>> diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi >>>> index 1483e779f..b0851dd3e 100644 >>>> --- a/html/cgi-bin/firewall.cgi >>>> +++ b/html/cgi-bin/firewall.cgi >>>> @@ -592,7 +592,7 @@ sub checktarget >>>> &General::readhasharray("$confighost", \%customhost); >>>> foreach my $grpkey (sort keys %customgrp){ >>>> foreach my $hostkey (sort keys %customhost){ >>>> - if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[2] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){ >>>> + if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[0] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){ >>> What has changed here? >> only the hashfield >> >> $customgrp{$grpkey}[0] (was 2 before) > Yes I saw that, but what does that change? > > -Michael > > P.S. Do not forget to CC the list Thats the indicator to show the Hint. When someone has hostgroups with macaddresses as target, the hint is shown. Because this Value was 2 instead of 0, the hint was never shown.... > >>>> $hint=$Lang::tr{'fwdfw hint mac'}; >>>> return $hint; >>>> } >>>> — >>>> 2.25.1 >>>> >>> Best, >>> -Michael
Hello Michael, the patch looks fine to me too. Technically the solution for "none" will work pretty fine. > > > Am 12.04.21 um 12:23 schrieb Michael Tremer: > > Hello, > > > > > On 12 Apr 2021, at 11:23, Alexander Marx < > > > alexander.marx@ipfire.org> wrote: > > > > > > > > > > > > Am 12.04.21 um 12:18 schrieb Michael Tremer: > > > > Hi, > > > > > > > > > On 12 Apr 2021, at 07:05, Alexander Marx < > > > > > alexander.marx@ipfire.org> wrote: > > > > > > > > > > Fixes: #12301 > > > > > > > > > > When using hosts with MAC-addresses in a hostgroup, > > > > > the rule won't be generated if those hosts are selected as > > > > > target. > > > > > There is a hint but due to a wrong hashparameter the hint was > > > > > not shown. > > > > > > > > > > With this patch the hint is shown again. > > > > > Additionally the rule is skipped when rules.pl creates rules. > > > > > > > > > > There are no bootmessages with failed target "none" anymore. > > > > > --- > > > > > config/firewall/firewall-lib.pl | 4 ++-- > > > > > html/cgi-bin/firewall.cgi | 2 +- > > > > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > > > > > > > diff --git a/config/firewall/firewall-lib.pl > > > > > b/config/firewall/firewall-lib.pl > > > > > index bc0b30ca5..e7ec30ae0 100644 > > > > > --- a/config/firewall/firewall-lib.pl > > > > > +++ b/config/firewall/firewall-lib.pl > > > > > @@ -2,7 +2,7 @@ > > > > > ############################################################# > > > > > ################## > > > > > # > > > > > # > > > > > # IPFire.org - A linux based > > > > > firewall # > > > > > -# Copyright (C) 2013 Alexander Marx > > > > > <amarx@ipfire.org> # > > > > > +# Copyright (C) 2021 Alexander Marx > > > > > <amarx@ipfire.org> # > > > > > # > > > > > # > > > > > # This program is free software: you can redistribute it > > > > > and/or modify # > > > > > # it under the terms of the GNU General Public License as > > > > > published by # > > > > > @@ -315,7 +315,7 @@ sub get_addresses > > > > > foreach my $grp (sort {$a <=> $b} keys > > > > > %customgrp) { > > > > > if ($customgrp{$grp}[0] eq $value) { > > > > > my @address = > > > > > &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], > > > > > $type); > > > > > - > > > > > + next if ($address[0][0] eq > > > > > 'none'); > > > > A comment for these rather obscure things would not hurt, but > > > > technically I agree with how this is solved. > > > > > > > > > > > > > > > > > if (@address) { > > > > > push(@addresses, > > > > > @address); > > > > > } > > > > > diff --git a/html/cgi-bin/firewall.cgi b/html/cgi- > > > > > bin/firewall.cgi > > > > > index 1483e779f..b0851dd3e 100644 > > > > > --- a/html/cgi-bin/firewall.cgi > > > > > +++ b/html/cgi-bin/firewall.cgi > > > > > @@ -592,7 +592,7 @@ sub checktarget > > > > > &General::readhasharray("$confighost", > > > > > \%customhost); > > > > > foreach my $grpkey (sort keys %customgrp){ > > > > > foreach my $hostkey (sort keys > > > > > %customhost){ > > > > > - if ($customgrp{$grpkey}[2] eq > > > > > $customhost{$hostkey}[0] && $customgrp{$grpkey}[2] eq > > > > > $fwdfwsettings{$fwdfwsettings{'grp2'}} && > > > > > $customhost{$hostkey}[1] eq 'mac'){ > > > > > + if ($customgrp{$grpkey}[2] eq > > > > > $customhost{$hostkey}[0] && $customgrp{$grpkey}[0] eq > > > > > $fwdfwsettings{$fwdfwsettings{'grp2'}} && > > > > > $customhost{$hostkey}[1] eq 'mac'){ > > > > What has changed here? > > > only the hashfield > > > > > > $customgrp{$grpkey}[0] (was 2 before) > > Yes I saw that, but what does that change? > > > > -Michael > > > > P.S. Do not forget to CC the list > Thats the indicator to show the Hint. When someone has hostgroups > with > macaddresses as target, the hint is shown. > Because this Value was 2 instead of 0, the hint was never shown.... Previously the check was performed against the hostgroup name which never would contain a valid MAC address. With the changed value now the check for a MAC address will be performed on each configured host inside the group what is what we want. > > > > > > > > $hint=$Lang::tr{'fwdf > > > > > w hint mac'}; > > > > > return $hint; > > > > > } > > > > > — > > > > > 2.25.1 > > > > > > > > > Best, > > > > -Michael > Acked-by: Stefan Schantl <stefan.schantl@ipfire.org> Best regards, -Stefan
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl index bc0b30ca5..e7ec30ae0 100644 --- a/config/firewall/firewall-lib.pl +++ b/config/firewall/firewall-lib.pl @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> # +# Copyright (C) 2021 Alexander Marx <amarx@ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -315,7 +315,7 @@ sub get_addresses foreach my $grp (sort {$a <=> $b} keys %customgrp) { if ($customgrp{$grp}[0] eq $value) { my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type); - + next if ($address[0][0] eq 'none'); if (@address) { push(@addresses, @address); } diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index 1483e779f..b0851dd3e 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -592,7 +592,7 @@ sub checktarget &General::readhasharray("$confighost", \%customhost); foreach my $grpkey (sort keys %customgrp){ foreach my $hostkey (sort keys %customhost){ - if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[2] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){ + if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customgrp{$grpkey}[0] eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $customhost{$hostkey}[1] eq 'mac'){ $hint=$Lang::tr{'fwdfw hint mac'}; return $hint; }