
Commit 3c9b379

authored
Merge pull request #1561 from nser77/nser77-patch-1
FIRE-4508 - Portability, hardening and output
2 parents f6275f6 + 86dd94c commit 3c9b379


1 file changed

+27
-27
lines changed

1 file changed

+27
-27
lines changed

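--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@@ -137,43 +137,43 @@
 if [ "${IPTABLES_TABLE}" = "filter" ] || [ "${IPTABLES_TABLE}" = "security" ]; then
 if [ "${IPTABLES_CHAIN}" = "INPUT" ]; then
 if [ "${IPTABLES_TARGET}" = "ACCEPT" ]; then
-IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} YELLOW"
-AddHP 1 3
+IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} YELLOW 1 3"
 elif [ "${IPTABLES_TARGET}" = "DROP" ]; then
-IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} GREEN"
-AddHP 3 3
+IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} GREEN 3 3"
 fi
 fi
 if [ "${IPTABLES_CHAIN}" = "INPUT" ] || [ "${IPTABLES_CHAIN}" = "FORWARD" ] || [ "${IPTABLES_CHAIN}" = "OUTPUT" ]; then
 if [ "${IPTABLES_TARGET}" = "NFQUEUE" ]; then
-IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} RED"
-AddHP 0 3
+IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE}\n${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} RED 0 3"
 fi
 fi
 fi
 done
-# Sort output if sort tool is available
-if [ -n "${SORTBINARY}" ]; then
-LogText "Info: sorting output"
-IPTABLES_OUTPUT="$(echo "${IPTABLES_OUTPUT_QUEUE}" | ${SORTBINARY} -u )"
-else
-IPTABLES_OUTPUT="${IPTABLES_OUTPUT_QUEUE}"
-fi
-echo "${IPTABLES_OUTPUT}" | while IFS="$(printf '\n')" read -r IPTABLES_OUTPUT_LINE
-do
-if [ -n "$IPTABLES_OUTPUT_LINE" ]; then
-set -- ${IPTABLES_OUTPUT_LINE}
-while [ $# -gt 0 ]; do
-LogText "Result: Found target '${3}' for chain '${2}' (table: ${1})"
-Display --indent 6 --text "- Chain ${2} (table: ${1}, target: ${3})" --result "${3}" --color "${4}"
-if [ "${3}" = "NFQUEUE" ]
-then
-ReportSuggestion "${TEST_NO}" "Consider avoid ${3} target if possible (iptables chain ${2}, table: ${1})"
-fi
-shift 4
-done
+if [ -n "${IPTABLES_OUTPUT_QUEUE}" ]; then
+# Sort output if sort tool is available
+if [ -n "${SORTBINARY}" ]; then
+LogText "Info: sorting output"
+IPTABLES_OUTPUT="$(printf '%b' "${IPTABLES_OUTPUT_QUEUE}" | ${SORTBINARY} -u )"
+else
+IPTABLES_OUTPUT="$(printf '%b' "${IPTABLES_OUTPUT_QUEUE}")"
 fi
-done
+printf '%b\n' "${IPTABLES_OUTPUT}" | while IFS="$(printf '\n')" read -r IPTABLES_OUTPUT_LINE
+do
+if [ -n "$IPTABLES_OUTPUT_LINE" ]; then
+set -- ${IPTABLES_OUTPUT_LINE}
+while [ $# -gt 0 ]; do
+LogText "Result: Found target '${3}' for chain '${2}' (table: ${1})"
+Display --indent 6 --text "- Chain ${2} (table: ${1}, target: ${3})" --result "${3}" --color "${4}"
+if [ "${3}" = "NFQUEUE" ]
+then
+ReportSuggestion "${TEST_NO}" "Consider avoid ${3} target if possible (iptables chain ${2}, table: ${1})"
+fi
+AddHP "${5}" "${6}"
+shift 6
+done
+fi
+done
+fi
 }
 unset IPTABLES_TABLE
 done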
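Review bot: `AddHP "${5}" "${6}"` now runs inside the `printf '%b\n' "${IPTABLES_OUTPUT}" | while … read` loop, and dash, bash and busybox ash run the last stage of a pipeline in a subshell. If AddHP accumulates its points in shell variables (its definition is not on this page), the hardening points for these firewall findings are lost when the loop ends, while the displayed results still look correct. Feeding the loop from a here-document keeps it in the current shell: open it with `while IFS= read -r IPTABLES_OUTPUT_LINE`, close it with `done <<EOF`, and put `${IPTABLES_OUTPUT}` and `EOF` on the following two lines. Scoring also now depends on whether `${SORTBINARY} -u` ran, since duplicate table/chain/target records are scored once with it and once per rule without it, which deserves a comment or a consistent de-duplication. The loop closed by the first `done` and the block closed by `}` both begin outside this hunk.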
