#287 patch for pf compiler

open-fixed
pf compiler (6)
1
2011-06-22
2011-06-17
Anonymous
No

as we noticed, when no certain service is specified, it is translated to {tcp udp icmp} in pf-terms. however, people usually expect any, not just this 3 certain protocols. for instance, we were missing gre. I suggest not to add "proto {tcp udp icmp}" if "any" service is chosen. patch is applied:

--- ./fwbuilder-4.2.2.3541/src/pflib/NATCompiler_pf_writers.cpp.orig 2011-06-17 07:46:59.000000000 +0400
+++ ./fwbuilder-4.2.2.3541/src/pflib/NATCompiler_pf_writers.cpp 2011-06-17 07:48:56.000000000 +0400
@@ -389,8 +389,7 @@
if ( !TagService::isA(srv))
{
string s = srv->getProtocolName();
- if (s=="ip" || s=="any") s="{tcp udp icmp}";
- compiler->output << "proto " << s << " ";
+ if (s!="ip" && s!="any") compiler->output << "proto " << s << " ";
}
}

Discussion

  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2011-06-17
     
  • Mike Horn

    Mike Horn - 2011-06-17

    Thank you for finding this and offering a patch. Even though the patch is small we need it to be submitted under the MIT license. So that we have it for our records can you please send the patch file with the MIT license included at the top of the file to support@netcitadel.com.

    You can find a copy of the MIT license text at the OSI site here:

    http://www.opensource.org/licenses/mit-license.php

    Thanks!

     
  • Vadim Kurland

    Vadim Kurland - 2011-06-22
    • priority: 5 --> 1
    • status: open --> open-fixed
     
  • Mike Horn

    Mike Horn - 2011-06-22

    Please note that since we didn't receive the patch under MIT license unfortunately we were not able to apply it. We fixed the issue identified by your bug report in an alternative way that is consistent with other sections of the code.

    We definitely appreciate code contributions, so please feel free to submit them including the MIT license in the file. Thanks!

     
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2011-08-09

    surely, I'll send it soon.

    I'm not sure that patch requires separate LICENSE, it is not a separate thing, I didn't fork it, so we are not talking about something completely different (and I cannot fork the project under different LICENSE).

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks