firewall: fix possible expansion of "*" when rules with "option src *" are processed
authorJo-Philipp Wich <jow@openwrt.org>
Sat, 22 Oct 2011 20:11:25 +0000 (20:11 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Sat, 22 Oct 2011 20:11:25 +0000 (20:11 +0000)
SVN-Revision: 28527

package/firewall/Makefile
package/firewall/files/lib/fw.sh

index 749f04a4b1b7768c7682a0a5c451ccb86423fdb1..b0b946fd072642b0e464b3004d67996b24f61647 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=36
+PKG_RELEASE:=37
 
 include $(INCLUDE_DIR)/package.mk
 
index bf7156e8cefebd4499bbc0534d9fb00922e09188..a8a791149478badda041dd01c1fa36179afc6428 100644 (file)
@@ -211,12 +211,17 @@ fw_get_family_mode() {
        local _mode="$4"
 
        local _ipv4 _ipv6
-       [ -n "$FW_ZONES4$FW_ZONES6" ] && {
-               list_contains FW_ZONES4 $_zone && _ipv4=1 || _ipv4=0
-               list_contains FW_ZONES6 $_zone && _ipv6=1 || _ipv6=0
+       [ "$_zone" != "*" ] && {
+               [ -n "$FW_ZONES4$FW_ZONES6" ] && {
+                       list_contains FW_ZONES4 "$_zone" && _ipv4=1 || _ipv4=0
+                       list_contains FW_ZONES6 "$_zone" && _ipv6=1 || _ipv6=0
+               } || {
+                       _ipv4=$(uci_get_state firewall core "${_zone}_ipv4" 0)
+                       _ipv6=$(uci_get_state firewall core "${_zone}_ipv6" 0)
+               }
        } || {
-               _ipv4=$(uci_get_state firewall core ${_zone}_ipv4 0)
-               _ipv6=$(uci_get_state firewall core ${_zone}_ipv6 0)
+               _ipv4=1
+               _ipv6=1
        }
 
        case "$_hint:$_ipv4:$_ipv6" in