From: Stijn Tintel
Date: Thu, 25 Nov 2021 03:41:16 +0000 (+0200)
Subject: fw4.uc: do not skip defaults with invalid option
X-Git-Url: http://git.openwrt.org/%22https:/collectd.org//%22%24PHP_SELF/%22https:/collectd.org/%22%24PHP_SELF?a=commitdiff_plain;h=31c7550efcb8d1f6014202a257fc1b9e3ab5fc9e;p=project%2Ffirewall4.git

fw4.uc: do not skip defaults with invalid option

Skipping a defaults section because it contains invalid options can be a security risk. If the user configures a default policy to DROP or REJECT, this should always be applied. The user is warned about the invalid option anyway. This makes firewall4 behave like firewall3 with regards to defaults.

Signed-off-by: Stijn Tintel
Reviewed-by: Jo-Philipp Wich
---

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 4769827..8057fac 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -1642,11 +1642,6 @@ return {
 flow_offloading_hw: [ "bool", "0" ]
 });
- if (defs === false) {
- this.warn_section(data, "skipped due to invalid options");
- return;
- }
-
 if (defs.synflood_protect === null)
 defs.synflood_protect = defs.syn_flood;
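Review bot: With the `defs === false` guard gone, the `defs.synflood_protect` access that follows runs on whatever the option parser returned, and the removed check implies that value could be `false` for a section with an invalid option. If that return path still exists (the parsing call begins above this hunk, so it is not visible here), the configured DROP or REJECT policy would still not reach the ruleset, and the section would fail open, which is the case the commit message sets out to prevent. It is worth confirming that the parser now returns the parsed object for a defaults section even when an option is invalid, and recording that invariant here with a comment such as `// defs is always an object here: invalid options are warned about but never cause the defaults section to be dropped`. A regression test with a defaults section holding one bogus option plus a DROP policy would pin the behaviour.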