From 201fbd66cd60a86aa2002486fd729054e5bcd094 Mon Sep 17 00:00:00 2001
From: Seth Mos
Date: Mon, 14 Dec 2009 21:17:34 +0100
Subject: Make sure that hostnames inside a alias that does not resolve will not result in a unloadable ruleset.
---
 etc/inc/filter.inc | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 0e8fe87..8aec934 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -378,13 +378,23 @@ function filter_generate_scrubing()
 return $scrubrules;
 }
-function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddrnesting) {
+function filter_generate_nested_alias($name, $alias, $type, &$aliasnesting, &$aliasaddrnesting) {
 global $aliastable;
 $addresses = split(" ", $alias);
 $finallist = "";
 $aliasnesting[$name] = $name;
 foreach ($addresses as $address) {
+ /* make sure to skip hostnames that do not resolve */
+ if(($type == "network") || ($type == host)) {
+ $explode = explode("/", $address);
+ if(! is_ipaddr($explode[0])) {
+ if(! is_ipaddr(gethostbyname($explode[0]))) {
+ log_error("The hostname {$explode[0]} does not currently resolve, skipping");
+ continue;
+ }
+ }
+ }
 $linelength = strlen($finallist);
 $tmpline = "";
 if (is_alias($address)) {
@@ -424,7 +434,7 @@ function filter_generate_aliases() {
 $extraalias = " " . link_ip_to_carp_interface($ip);
 $aliasnesting = array();
 $aliasaddrnesting = array();
- $addrlist = filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliasnesting, $aliasaddrnesting);
+ $addrlist = filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliased['type'], $aliasnesting, $aliasaddrnesting);
 if ($aliased['type'] == "host" || $aliased['type'] == "network") {
 $aliases .= "table <{$aliased['name']}> { {$addrlist}{$extralias} } \n";
 $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
-- 
cgit v1.1
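Review bot: The new guard in filter_generate_nested_alias compares `$type` against the bare word `host` instead of a string, so that half of the condition depends on PHP's undefined-constant fallback (a notice on older versions, an error on PHP 8); it should read `if (($type == "network") || ($type == "host")) {`. The resolution check also runs before the `is_alias($address)` test that follows it, so a nested alias name inside a host or network alias, which is presumably neither an IP address nor a resolvable hostname, would be logged as unresolvable and skipped. Changing the inner test to `if (!is_alias($address) && !is_ipaddr($explode[0])) {` would keep nested aliases intact. A skipped entry silently changes which addresses the generated table matches, with only a log line as evidence, so the comment above the check should say that explicitly. The rest of the foreach body lies outside the hunk.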
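Review bot: The context around the updated call assigns `$extraalias`, but the table line interpolates `{$extralias}`, so as far as these lines show the value from `link_ip_to_carp_interface($ip)` never reaches the generated table; the interpolation should be `{$extraalias}`. The commit does not touch this line, but it is the same kind of silently missing table entry the change is meant to prevent. filter_generate_aliases starts and ends outside the hunk, so the misspelled variable may be set elsewhere and this should be confirmed against the full function.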