* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 214cc7b19528774eebc43e82d9c94c5e4592bc39
@ 2015-01-02 12:57 git
0 siblings, 0 replies; only message in thread
From: git @ 2015-01-02 12:57 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 3213 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 214cc7b19528774eebc43e82d9c94c5e4592bc39 (commit)
via d840d02aee26d2f71b9d411b1960eb5b2423b19a (commit)
from 132557976f619a6c9b361442d5c4993eee588cc2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 214cc7b19528774eebc43e82d9c94c5e4592bc39
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Jan 2 12:27:47 2015 +0100
Add firewall changes to Core Update 86
commit d840d02aee26d2f71b9d411b1960eb5b2423b19a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Jan 2 12:20:50 2015 +0100
firewall: Fix off-by-one error in configuration parser
The configuration parser determines how many comma-separated
values there are in a line. If new values are added we need
to check first if those are set in every line to avoid any
undefined behaviour. A wrong comparison parameter was used
which caused that the limit feature was never enabled in
the rule generation.
-----------------------------------------------------------------------
Summary of changes:
config/firewall/rules.pl | 12 ++++++------
config/rootfiles/core/86/filelists/files | 1 +
2 files changed, 7 insertions(+), 6 deletions(-)
Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 75a9357..a475e2d 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -280,7 +280,7 @@ sub buildrules {
# Concurrent connection limit
my @ratelimit_options = ();
- if (($elements gt 34) && ($$hash{$key}[32] eq 'ON')) {
+ if (($elements ge 34) && ($$hash{$key}[32] eq 'ON')) {
my $conn_limit = $$hash{$key}[33];
if ($conn_limit ge 1) {
@@ -296,13 +296,13 @@ sub buildrules {
}
# Ratelimit
- if (($elements gt 37) && ($$hash{$key}[34] eq 'ON')) {
+ if (($elements ge 37) && ($$hash{$key}[34] eq 'ON')) {
my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
- if ($rate_limit) {
- push(@ratelimit_options, ("-m", "limit"));
- push(@ratelimit_options, ("--limit", $rate_limit));
- }
+ if ($rate_limit) {
+ push(@ratelimit_options, ("-m", "limit"));
+ push(@ratelimit_options, ("--limit", $rate_limit));
+ }
}
# Check which protocols are used in this rule and so that we can
diff --git a/config/rootfiles/core/86/filelists/files b/config/rootfiles/core/86/filelists/files
index 63b9c5c..dcdb65c 100644
--- a/config/rootfiles/core/86/filelists/files
+++ b/config/rootfiles/core/86/filelists/files
@@ -1,6 +1,7 @@
etc/system-release
etc/issue
opt/pakfire/etc/pakfire.conf
+usr/lib/firewall/rules.pl
usr/local/bin/update-bootloader
var/ipfire/header.pl
var/ipfire/langs
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-01-02 12:57 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-01-02 12:57 [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 214cc7b19528774eebc43e82d9c94c5e4592bc39 git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox