From patchwork Wed Mar 23 17:08:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 5397 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4KNvw62hBjz3xlr for ; Wed, 23 Mar 2022 17:09:10 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4KNvw50GTPz3gR; Wed, 23 Mar 2022 17:09:08 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4KNvw45ZKcz2yVN; Wed, 23 Mar 2022 17:09:08 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4KNvw345mYz2xGV for ; Wed, 23 Mar 2022 17:09:07 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4KNvvz5Z9Rz1hX; Wed, 23 Mar 2022 17:09:03 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1648055344; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YWPAy+x0j+qhks2AUHZTLdAv4GOCGEEUSffDrWsT3Nk=; b=aizboPKaKJSwwpQRJyrAxlSSypc931OIuB07W54TxQJZW2SGrI7HY35VpH3K+1c4I2TuGn UHXDUDyyxtSdwtAA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1648055344; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YWPAy+x0j+qhks2AUHZTLdAv4GOCGEEUSffDrWsT3Nk=; b=VDthPdJq/F3PyHcvjpeWDqC7YhWS2nzfAR/rXU5kA6ystq8NHTY0OySnBS+B2Ceh0hqDPB gYWyAUwy6a9Nhbkv/0eDrtuaZfz9P/eBaHdCAw/o4Huo/MBz68w0qmPoazZRR+R1XuHzxu ODRSc4R4oJFtG54xCejlqkREwDw9jNv5vac0C5t4Dsbba2jqcVYZw1M3NNOR4zU30PnbGz eXvS7wgCMHUM6nWw3rtwMLMw2ktUyNT9C9PP3v0DyimuyRX0WJtJi5gCtjkrj74cT3Lfcl 0wO4pOgWPFi6hQFlCvjFD6EP2gp4mHDGnYCvMcwUBXQACWtvbEWLgRXLGsrlhg== From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH] rules.pl: Fix creating rules for location based groups. Date: Wed, 23 Mar 2022 18:08:52 +0100 Message-Id: <20220323170852.2964-1-stefan.schantl@ipfire.org> In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" The former used hash value only contains the country code when a rule for a single country should be created. In case a location group is used the hash value refers to the group name, which does not work here. The required country code is part of the processed string and can be omitted from here. This works well for single codes and location groups, because those are processed in a loop. Fixes #12809. Signed-off-by: Stefan Schantl Acked-by: Peter Müller --- config/firewall/rules.pl | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index d71304986..19dc7a6d1 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -411,8 +411,9 @@ sub buildrules { if ($source =~ /mac/) { push(@source_options, $source); } elsif ($source =~ /-m set/) { - # Grab location code from hash. - my $loc_src = $$hash{$key}[4]; + # Split given arguments into single chunks to + # obtain the set name. + my ($a, $b, $c, $loc_src, $e) = split(/ /, $source); # Call function to load the networks list for this country. &ipset_restore($loc_src); @@ -425,8 +426,9 @@ sub buildrules { # Prepare destination options. my @destination_options = (); if ($destination =~ /-m set/) { - # Grab location code from hash. - my $loc_dst = $$hash{$key}[6]; + # Split given arguments into single chunks to + # obtain the set name. + my ($a, $b, $c, $loc_dst, $e) = split(/ /, $destination); # Call function to load the networks list for this country. &ipset_restore($loc_dst);