diff mbox series

rules.pl: Fix creating rules for location based groups.

Message ID 20220323170852.2964-1-stefan.schantl@ipfire.org
State Accepted
Commit abf148cebd8a8ed30c1a4f2807bb0608eec5b026
Headers
Series rules.pl: Fix creating rules for location based groups. |

Commit Message

Stefan Schantl March 23, 2022, 5:08 p.m. UTC 
  The former used hash value only contains the country code when
a rule for a single country should be created.

In case a location group is used the hash value refers to the group name,
which does not work here.

The required country code is part of the processed string and can be omitted
from here. This works well for single codes and location groups, because those
are processed in a loop.

Fixes #12809.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 config/firewall/rules.pl | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Comments

Peter Müller March 23, 2022, 5:12 p.m. UTC | #1 
Acked-by: Peter Müller <peter.mueller@ipfire.org>

> The former used hash value only contains the country code when
> a rule for a single country should be created.
> 
> In case a location group is used the hash value refers to the group name,
> which does not work here.
> 
> The required country code is part of the processed string and can be omitted
> from here. This works well for single codes and location groups, because those
> are processed in a loop.
> 
> Fixes #12809.
> 
> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
> ---
>  config/firewall/rules.pl | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index d71304986..19dc7a6d1 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -411,8 +411,9 @@ sub buildrules {
>  					if ($source =~ /mac/) {
>  						push(@source_options, $source);
>  					} elsif ($source =~ /-m set/) {
> -						# Grab location code from hash.
> -						my $loc_src = $$hash{$key}[4];
> +						# Split given arguments into single chunks to
> +						# obtain the set name.
> +						my ($a, $b, $c, $loc_src, $e) = split(/ /, $source);
>  
>  						# Call function to load the networks list for this country.
>  						&ipset_restore($loc_src);
> @@ -425,8 +426,9 @@ sub buildrules {
>  					# Prepare destination options.
>  					my @destination_options = ();
>  					if ($destination =~ /-m set/) {
> -						# Grab location code from hash.
> -						my $loc_dst = $$hash{$key}[6];
> +						# Split given arguments into single chunks to
> +						# obtain the set name.
> +						my ($a, $b, $c, $loc_dst, $e) = split(/ /, $destination);
>  
>  						# Call function to load the networks list for this country.
>  						&ipset_restore($loc_dst);
diff mbox series

Patch

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index d71304986..19dc7a6d1 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -411,8 +411,9 @@  sub buildrules {
 					if ($source =~ /mac/) {
 						push(@source_options, $source);
 					} elsif ($source =~ /-m set/) {
-						# Grab location code from hash.
-						my $loc_src = $$hash{$key}[4];
+						# Split given arguments into single chunks to
+						# obtain the set name.
+						my ($a, $b, $c, $loc_src, $e) = split(/ /, $source);
 
 						# Call function to load the networks list for this country.
 						&ipset_restore($loc_src);
@@ -425,8 +426,9 @@  sub buildrules {
 					# Prepare destination options.
 					my @destination_options = ();
 					if ($destination =~ /-m set/) {
-						# Grab location code from hash.
-						my $loc_dst = $$hash{$key}[6];
+						# Split given arguments into single chunks to
+						# obtain the set name.
+						my ($a, $b, $c, $loc_dst, $e) = split(/ /, $destination);
 
 						# Call function to load the networks list for this country.
 						&ipset_restore($loc_dst);