[PATCH] fw3: zones: limit zone names to 11 bytes

Alexey Dobrovolsky dobrovolskiy.alexey at gmail.com
Sun Aug 30 17:10:09 EDT 2020


As defined in the currently used iptables v1.8.4 [0], [1], a chain name must be
under 29 chars. Thus, the user can only edit 11 chars. See also [3].

[0] https://git.netfilter.org/iptables/tree/iptables/xtables.c?h=v1.8.4&id=2b506c6681c7b01803f06b258a39e9da9012e5c5#n1004
[1] https://git.netfilter.org/iptables/tree/include/linux/netfilter/x_tables.h?h=v1.8.4&id=2b506c6681c7b01803f06b258a39e9da9012e5c5#n7
[3] https://dev.archive.openwrt.org/ticket/20380

Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey at gmail.com>
---
 zones.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/zones.h b/zones.h
index d786736..05f8554 100644
--- a/zones.h
+++ b/zones.h
@@ -22,8 +22,11 @@
 #include "options.h"
 #include "iptables.h"
 
-/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */
-#define FW3_ZONE_MAXNAMELEN 14
+/*
+ * chain name in iptables must be under 29 chars
+ * 29 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0")
+ */
+#define FW3_ZONE_MAXNAMELEN 11
 
 extern const struct fw3_option fw3_zone_opts[];
 
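Review bot: The formula in the new comment above FW3_ZONE_MAXNAMELEN does not evaluate to 11 when read literally. sizeof counts the terminating NUL, so sizeof("postrouting_") is 13, sizeof("_rule") is 6 and sizeof("\0") is 2, which gives 29 - 13 - 6 - 2 = 8. The value 11 comes from the string lengths instead (29 - 12 - 5 - 1), and the removed 32/14 comment had the same mismatch. Either write the comment in terms of strlen or define the macro by that expression so the number and its derivation cannot diverge. The 29 is also a bare number in the header: the commit message links its origin in iptables, but the comment does not say where the limit is defined, so a later reader of zones.h cannot check it.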
-- 
2.17.1



