From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] firewall: Avoid creating a rule that permits all traffic on
 invalid source
Date: Tue, 17 Jan 2023 13:41:44 +0000
Message-ID: <20230117134144.2763140-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2913812425263020122=="
List-Id: <development.lists.ipfire.org>

--===============2913812425263020122==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

The firewall engine generated rules that did not have any traffic
selectors due to an improperly initialized variable in the source.

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 config/firewall/rules.pl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 30ad20df1..1b628df16 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -401,6 +401,9 @@ sub buildrules {
 					$source = "";
 				}
 
+				# Make sure that $source is properly defined
+				next unless (defined $source);
+
 				my $source_intf = @$src[1];
 
 				foreach my $dst (@destinations) {
-- 
2.30.2


--===============2913812425263020122==--