From 30bbaa3692be511579acd8c1295b56c5872b1c26 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Mon, 6 May 2013 15:10:28 +0200 Subject: [PATCH] Family "any" is not applicable to ipsets, default to v4 and disallow "any" --- ipsets.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/ipsets.c b/ipsets.c index b63db21..955d434 100644 --- a/ipsets.c +++ b/ipsets.c @@ -178,10 +178,10 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset) } if (!(ipset_types[i].optional & OPT_FAMILY) && - ipset->family != FW3_FAMILY_ANY) + ipset->family != FW3_FAMILY_V4) { warn_elem(e, "family ignored"); - ipset->family = FW3_FAMILY_ANY; + ipset->family = FW3_FAMILY_V4; } } @@ -208,6 +208,7 @@ fw3_alloc_ipset(void) INIT_LIST_HEAD(&ipset->datatypes); ipset->enabled = true; + ipset->family = FW3_FAMILY_V4; return ipset; } @@ -254,6 +255,10 @@ fw3_load_ipsets(struct fw3_state *state, struct uci_package *p) //{ // warn_elem(e, "has duplicated set name '%s'", ipset->name); //} + else if (ipset->family == FW3_FAMILY_ANY) + { + warn_elem(e, "must not have family 'any'"); + } else if (list_empty(&ipset->datatypes)) { warn_elem(e, "has no datatypes assigned"); @@ -300,8 +305,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state) ipset->portrange.port_min, ipset->portrange.port_max); } - if (ipset->family != FW3_FAMILY_ANY) - fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6"); + fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6"); if (ipset->timeout > 0) fw3_pr(" timeout %u", ipset->timeout); -- 2.25.1