firewall: Avoid creating a rule that permits all traffic on invalid source
Commit Message
The firewall engine generated rules that did not have any traffic
selectors due to an improperly initialized variable in the source.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
config/firewall/rules.pl | 3 +++
1 file changed, 3 insertions(+)
Comments
Acked-by: Peter Müller <peter.mueller@ipfire.org>
> The firewall engine generated rules that did not have any traffic
> selectors due to an improperly initialized variable in the source.
>
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
> config/firewall/rules.pl | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index 30ad20df1..1b628df16 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -401,6 +401,9 @@ sub buildrules {
> $source = "";
> }
>
> + # Make sure that $source is properly defined
> + next unless (defined $source);
> +
> my $source_intf = @$src[1];
>
> foreach my $dst (@destinations) {
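Review bot: `defined $source` in the added `next unless` line still lets the empty string through, and the context line directly above the addition assigns `$source = "";`. If an empty source can also end up as a rule without a source selector, the guard should cover it too, for example `next unless (defined $source && length $source);`. If an empty string is intentional there, the comment should say so, so that the difference from the undefined case is clear.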
@@ -401,6 +401,9 @@ sub buildrules {
$source = "";
}
+ # Make sure that $source is properly defined
+ next unless (defined $source);
+
my $source_intf = @$src[1];
foreach my $dst (@destinations) {
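Review bot: the added `next unless (defined $source);` skips the entry silently, so nothing tells the administrator that a configured rule was not installed. Consider emitting a warning before the `next`, and extending the comment above it to state which kind of source leaves `$source` undefined. As written, "properly defined" does not tell a later reader what case is being guarded against.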