summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorStig Thormodsrud <stig@vyatta.com>2010-02-12 13:08:30 -0800
committerStig Thormodsrud <stig@vyatta.com>2010-02-12 13:08:30 -0800
commitaf6d8e47ecb5917f1f81b61cf536e2efac790f10 (patch)
tree96909a05ac5226b37d0d9da1f8a1bf5e4d80dc25 /lib
parente659fd609925f016b8682985313eb5322fb86115 (diff)
downloadvyatta-cfg-firewall-af6d8e47ecb5917f1f81b61cf536e2efac790f10.tar.gz
vyatta-cfg-firewall-af6d8e47ecb5917f1f81b61cf536e2efac790f10.zip
Fix 5326: firewall group address range wraps at 255.
Diffstat (limited to 'lib')
-rwxr-xr-xlib/Vyatta/IpTables/IpSet.pm5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index f0839b9..25cf74a 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -13,7 +13,7 @@
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
-# Portions created by Vyatta are Copyright (C) 2009 Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2009-2010 Vyatta, Inc.
# All Rights Reserved.
#
# Author: Stig Thormodsrud
@@ -310,7 +310,8 @@ sub add_member_range {
} elsif ($self->{_type} eq 'address') {
# $start_ip++ won't work if it doesn't know the
# prefix, so we'll make a big range.
- my $start_ip = new NetAddr::IP("$start/$addr_range_mask");
+ my $wrap_mask = $addr_range_mask - 1;
+ my $start_ip = new NetAddr::IP("$start/$wrap_mask");
my $stop_ip = new NetAddr::IP($stop);
for (; $start_ip <= $stop_ip; $start_ip++) {
my $rc = $self->add_member($start_ip->addr());