fixing 8338: support multiport options in conntrack timeouts

author: Gaurav Sinha <gaurav.sinha@vyatta.com> 2012-09-10 13:03:46 -0700
committer: Gaurav Sinha <gaurav.sinha@vyatta.com> 2012-09-10 13:03:46 -0700
commit: d6a1395ed39259852b756f1788d68a3c2eb06aad (patch)
tree: b92baa9a47936498842319c337882398cd031f30
parent: 4ec10d5087730012dc9b130f2027bb895f7baa0a (diff)
download: vyatta-conntrack-d6a1395ed39259852b756f1788d68a3c2eb06aad.tar.gz
vyatta-conntrack-d6a1395ed39259852b756f1788d68a3c2eb06aad.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/Vyatta/Conntrack/RuleCT.pm b/lib/Vyatta/Conntrack/RuleCT.pm
index b472e51..e8d9626 100644
--- a/lib/Vyatta/Conntrack/RuleCT.pm
+++ b/lib/Vyatta/Conntrack/RuleCT.pm
@@ -83,7 +83,16 @@ sub rule {
   } elsif ($self->{_protocol} eq "other") {
     $rule .= " -p all";
   }
-  $rule .= " $srcrule $dstrule ";
+
+  # make sure multiport is always behind single port option 
+  if ((grep /multiport/, $srcrule)) {
+    $rule .= " $dstrule $srcrule ";
+  } elsif ((grep /multiport/, $dstrule)) {
+    $rule .= " $srcrule $dstrule ";
+  } else {
+    $rule .= " $srcrule $dstrule ";
+   }
+
   return $rule;
 }
author	Gaurav Sinha <gaurav.sinha@vyatta.com>	2012-09-10 13:03:46 -0700
committer	Gaurav Sinha <gaurav.sinha@vyatta.com>	2012-09-10 13:03:46 -0700
commit	d6a1395ed39259852b756f1788d68a3c2eb06aad (patch)
tree	b92baa9a47936498842319c337882398cd031f30
parent	4ec10d5087730012dc9b130f2027bb895f7baa0a (diff)
download	vyatta-conntrack-d6a1395ed39259852b756f1788d68a3c2eb06aad.tar.gz vyatta-conntrack-d6a1395ed39259852b756f1788d68a3c2eb06aad.zip