diff options
| author | An-Cheng Huang <ancheng@vyatta.com> | 2008-04-16 14:39:18 -0700 |
|---|---|---|
| committer | An-Cheng Huang <ancheng@vyatta.com> | 2008-04-16 14:39:18 -0700 |
| commit | 39ba6c4198867381cdf5218853f4bcbcea233e2e (patch) | |
| tree | 0b0f471a717af079b523cbee036bcbbe251f5958 | |
| parent | 019d7da7481bb91d00ce9c6f3337107e1e5796b5 (diff) | |
| download | vyatta-cfg-firewall-39ba6c4198867381cdf5218853f4bcbcea233e2e.tar.gz vyatta-cfg-firewall-39ba6c4198867381cdf5218853f4bcbcea233e2e.zip | |
fix for bug 3167: disallow multiport specification if both source and
destination ports are defined.
| -rw-r--r-- | scripts/firewall/VyattaIpTablesRule.pm | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/scripts/firewall/VyattaIpTablesRule.pm b/scripts/firewall/VyattaIpTablesRule.pm index c2174c4..a4ec902 100644 --- a/scripts/firewall/VyattaIpTablesRule.pm +++ b/scripts/firewall/VyattaIpTablesRule.pm @@ -210,6 +210,12 @@ sub rule { return ($err_str, ) if (!defined($srcrule)); ($dstrule, $err_str) = $dst->rule(); return ($err_str, ) if (!defined($dstrule)); + if ((grep /multiport/, $srcrule) || (grep /multiport/, $dstrule)) { + if ((grep /sport/, $srcrule) && (grep /dport/, $dstrule)) { + return ('Cannot specify multiple ports when both ' + . 'source and destination ports are specified', ); + } + } $rule .= " $srcrule $dstrule "; my $chain = $self->{_name}; |