projects
/
project
/
firewall3.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Simplify ipset external checks and optionally initialize ispet name from external...
[project/firewall3.git]
/
rules.c
diff --git
a/rules.c
b/rules.c
index
287ad90
..
7f748eb
100644
(file)
--- a/
rules.c
+++ b/
rules.c
@@
-114,14
+114,14
@@
fw3_load_rules(struct fw3_state *state, struct uci_package *p)
continue;
}
else if (rule->src.set && !rule->src.any &&
continue;
}
else if (rule->src.set && !rule->src.any &&
- !(rule->_src = fw3_lookup_zone(state, rule->src.name
, false
)))
+ !(rule->_src = fw3_lookup_zone(state, rule->src.name)))
{
warn_elem(e, "refers to not existing zone '%s'", rule->src.name);
fw3_free_rule(rule);
continue;
}
else if (rule->dest.set && !rule->dest.any &&
{
warn_elem(e, "refers to not existing zone '%s'", rule->src.name);
fw3_free_rule(rule);
continue;
}
else if (rule->dest.set && !rule->dest.any &&
- !(rule->_dest = fw3_lookup_zone(state, rule->dest.name
, false
)))
+ !(rule->_dest = fw3_lookup_zone(state, rule->dest.name)))
{
warn_elem(e, "refers to not existing zone '%s'", rule->dest.name);
fw3_free_rule(rule);
{
warn_elem(e, "refers to not existing zone '%s'", rule->dest.name);
fw3_free_rule(rule);
@@
-134,7
+134,7
@@
fw3_load_rules(struct fw3_state *state, struct uci_package *p)
continue;
}
else if (rule->ipset.set && !rule->ipset.any &&
continue;
}
else if (rule->ipset.set && !rule->ipset.any &&
- !(rule->_ipset = fw3_lookup_ipset(state, rule->ipset.name
, false
)))
+ !(rule->_ipset = fw3_lookup_ipset(state, rule->ipset.name)))
{
warn_elem(e, "refers to unknown ipset '%s'", rule->ipset.name);
fw3_free_rule(rule);
{
warn_elem(e, "refers to unknown ipset '%s'", rule->ipset.name);
fw3_free_rule(rule);
@@
-365,6
+365,14
@@
expand_rule(struct fw3_state *state, enum fw3_family family,
return;
}
return;
}
+ if (!fw3_check_ipset(rule->_ipset))
+ {
+ info(" ! Skipping due to missing ipset '%s'",
+ rule->_ipset->external
+ ? rule->_ipset->external : rule->_ipset->name);
+ return;
+ }
+
set(rule->_ipset->flags, family, family);
}
set(rule->_ipset->flags, family, family);
}