Hi,

I use this rule in my rules file:
DROP            $FW             net             -       -       -               -               -               2000-2999
to disable everyone in the range from accessing the net, without knowing
a priori the list of users I want to disable.

This used to work with shorewall 4.0.15 (debian lenny), but doesn't work
anymore because of an additional regex check that has been added.

I attached a patch that fixes the issue for me.

Thanks,
Gergely Risko

>From a41d349e2548e8689a08278a9381800088c58c44 Mon Sep 17 00:00:00 2001
From: Gergely Risko <[email protected]>
Date: Fri, 15 Jun 2012 16:42:12 +0200
Subject: [PATCH] Allow numerical range of ids in uid/gid matching.

---
 Shorewall/Perl/Shorewall/Chains.pm |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 5f9a393..709949d 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -4220,12 +4220,12 @@ sub do_user( $ ) {
 
 	if ( supplied $2 ) {
 	    $user  = $2;
-	    $user  = resolve_id( $user, 'user' ) unless $user =~ /\d+$/;
+	    $user  = resolve_id( $user, 'user' ) unless $user =~ /\d+(-\d+)?$/;
 	    $rule .= "${invert}--uid-owner $user ";
 	}
 
 	if ( $group ne '' ) {
-	    $group = resolve_id( $group, 'group' ) unless $group =~ /^\d+$/;
+	    $group = resolve_id( $group, 'group' ) unless $group =~ /^\d+(-\d+)?$/;
 	    $rule .= "${invert}--gid-owner $group ";
 	}
     } elsif ( $user =~ /^(!)?(.*)$/ ) {
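Review bot: The user pattern on the changed line in the `supplied $2` branch lacks the leading `^` that the group pattern a few lines below has, so `/\d+(-\d+)?$/` matches any value that merely ends in a digit (a login name such as `web1`, or `foo-12`) and that value skips `resolve_id` and goes to `--uid-owner` unchanged. Anchor it the same way as the group check, `/^\d+(-\d+)?$/`, so that only a bare numeric id or a numeric range bypasses resolution.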
@@ -4233,10 +4233,10 @@ sub do_user( $ ) {
 	$user   = $2;
 
 	fatal_error "Invalid USER/GROUP (!)" if $user eq '';
-	$user = resolve_id ($user, 'user' ) unless $user =~ /\d+$/;
+	$user = resolve_id ($user, 'user' ) unless $user =~ /\d+(-\d+)?$/;
 	$rule .= "${invert}--uid-owner $user ";
     } else {
-	$user  = resolve_id( $user, 'user' ) unless $user =~ /\d+$/;
+	$user  = resolve_id( $user, 'user' ) unless $user =~ /\d+(-\d+)?$/;
 	$rule .= "--uid-owner $user ";
     }
 
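Review bot: Neither changed line in this hunk checks that a range is ordered, so a value such as `2999-2000` satisfies `/\d+(-\d+)?$/` and is written into the `--uid-owner` rule as is; consider capturing both ids and raising `fatal_error` when the first is greater than the second. Both patterns here are also missing the `^` anchor, so the same `/^\d+(-\d+)?$/` form used for the group match in the previous hunk would be the safer choice, and a helper shared by all four call sites would keep them from drifting apart again.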
-- 
1.7.7.3

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel