author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-09-07 14:10:29 -0700 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-09-07 14:10:29 -0700 |
commit | 94381cfb92ead6d5f32ab37bace5a1cf46efbb9e (patch) | |
tree | 484ad7cc7904a4879d0ceeba1fd89a46d902049b | |
parent | edd76f9174b6a663e0ba7e1596396e78f34e36df (diff) | |
Fixing 3167, mandate multiport values after single port, remove misleading error message
-rwxr-xr-x | lib/Vyatta/IpTables/Rule.pm | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm
index 72bd536..3f81a56 100755
--- a/lib/Vyatta/IpTables/Rule.pm
+++ b/lib/Vyatta/IpTables/Rule.pm
@@ -416,13 +416,15 @@ sub rule {
 return ($err_str, ) if (!defined($srcrule));
 ($dstrule, $err_str) = $dst->rule();
 return ($err_str, ) if (!defined($dstrule));
- if ((grep /multiport/, $srcrule) ^ (grep /multiport/, $dstrule)) {
- if ((grep /sport/, $srcrule) && (grep /dport/, $dstrule)) {
- return ('Cannot specify multiple ports when both '
- . 'source and destination ports are specified', );
- }
+
+ # make sure multiport is always behind single port option
+ if ((grep /multiport/, $srcrule)) {
+ $rule .= " $dstrule $srcrule ";
+ } elsif ((grep /multiport/, $dstrule)) {
+ $rule .= " $srcrule $dstrule ";
+ } else {
+ $rule .= " $srcrule $dstrule ";
 }
- $rule .= " $srcrule $dstrule ";
 return ('Cannot specify both "match-frag" and "match-non-frag"', ) if (defined($self->{_frag}) && defined($self->{_non_frag})); |
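Review bot: The ordering decision in the new `if`/`elsif`/`else` is driven by an unanchored substring test, `grep /multiport/, $srcrule`, which matches the word anywhere in the generated match string. If `$src->rule()` can embed operator-chosen names (for example a group name; that helper is not visible here), an unrelated occurrence would swap the two halves and the resulting iptables rule could be rejected or parsed differently than configured. Assuming the helper emits the module as `-m multiport`, testing for that token is safer, and since the `elsif` and `else` branches append the same string they can be merged: `if ($srcrule =~ /-m\s+multiport\b/) { $rule .= " $dstrule $srcrule "; } else { $rule .= " $srcrule $dstrule "; }`. The case this commit newly accepts (a single port on one side, multiport on the other) would also merit a regression test on the emitted rule string. The body of `rule` begins and ends outside this hunk.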