author | Seth Mos <seth.mos@xs4all.nl> | 2009-12-14 21:17:34 +0100 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2009-12-14 21:18:20 +0100 |
commit | 201fbd66cd60a86aa2002486fd729054e5bcd094 (patch) | |
tree | 1b8acd17cc5b539594ef1bc48ac7398c5578d687 | |
parent | d189221258fbd19f32f375aa1924b0ee5dd3e198 (diff) | |
Make sure that hostnames inside an alias that do not resolve will not result in an unloadable ruleset.
-rw-r--r-- | etc/inc/filter.inc | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 0e8fe87..8aec934 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -378,13 +378,23 @@ function filter_generate_scrubing()
 return $scrubrules;
 }
-function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddrnesting) {
+function filter_generate_nested_alias($name, $alias, $type, &$aliasnesting, &$aliasaddrnesting) {
 global $aliastable;
 $addresses = split(" ", $alias);
 $finallist = "";
 $aliasnesting[$name] = $name;
 foreach ($addresses as $address) {
+ /* make sure to skip hostnames that do not resolve */
+ if(($type == "network") || ($type == host)) {
+ $explode = explode("/", $address);
+ if(! is_ipaddr($explode[0])) {
+ if(! is_ipaddr(gethostbyname($explode[0]))) {
+ log_error("The hostname {$explode[0]} does not currently resolve, skipping");
+ continue;
+ }
+ }
+ }
 $linelength = strlen($finallist);
 $tmpline = "";
 if (is_alias($address)) {
@@ -424,7 +434,7 @@ function filter_generate_aliases() {
 $extraalias = " " . link_ip_to_carp_interface($ip);
 $aliasnesting = array();
 $aliasaddrnesting = array();
- $addrlist = filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliasnesting, $aliasaddrnesting);
+ $addrlist = filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliased['type'], $aliasnesting, $aliasaddrnesting);
 if ($aliased['type'] == "host" || $aliased['type'] == "network") {
 $aliases .= "table <{$aliased['name']}> { {$addrlist}{$extralias} } \n";
 $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n"; |
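Review bot: The new resolve check at the top of the `foreach` runs before the existing `is_alias($address)` test, so a nested alias name inside a host or network alias is not an IP, is handed to `gethostbyname()` (which returns its input unchanged on failure) and would be dropped by `continue`, silently removing that alias's addresses from the table. The same condition compares against the bare constant `host` instead of the string; guard and quote it in one line: `if (!is_alias($address) && (($type == "network") || ($type == "host"))) {`. Because a skipped entry changes what every rule using this table matches, the log line should also name the alias, e.g. `log_error("The hostname {$explode[0]} in alias {$name} does not currently resolve, skipping");`. The function body continues past the end of the hunk.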
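Review bot: The table line just below the changed call interpolates `{$extralias}`, while the variable assigned three lines above it is `$extraalias`; unless `$extralias` is set outside this hunk, the value from `link_ip_to_carp_interface($ip)` never reaches the generated table. The spelling sits in unchanged context lines and appears to predate this commit, but it is worth fixing while the call is being touched: `$aliases .= "table <{$aliased['name']}> { {$addrlist}{$extraalias} } \n";`. `filter_generate_aliases()` starts and ends outside the hunk.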