author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-09-10 15:13:37 -0700 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-09-10 15:13:37 -0700 |
commit | 29bf9110d7c576e8c965e7f976ca364599c43391 (patch) | |
tree | a4978e925faaf7e8f277df53ac1754b2bd07ae64 | |
parent | e66ece266359e4e3a684b2570dfd2dc014154a67 (diff) | |
8325: do port check on negated protocol input
-rw-r--r-- | lib/Vyatta/Conntrack/RuleIgnore.pm | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/Vyatta/Conntrack/RuleIgnore.pm b/lib/Vyatta/Conntrack/RuleIgnore.pm
index 7c3f668..30cd33d 100644
--- a/lib/Vyatta/Conntrack/RuleIgnore.pm
+++ b/lib/Vyatta/Conntrack/RuleIgnore.pm
@@ -80,7 +80,7 @@ sub setup_base {
 my $rule = $self->{_rule_number};
 if (($src->{_port})) {
- if (($src->{_protocol} ne 'udp') and ($src->{_protocol} ne 'tcp')) {
+ if (!((grep /tcp/, $src->{_protocol}) or (grep /udp/, $src->{_protocol}))) {
 die "Error: port requires tcp / udp as protocol in rule $rule\n";
 }
 }
@@ -89,10 +89,10 @@ sub setup_base {
 $dst->{_protocol} = $self->{_protocol};#needed to use address filter
 if (($dst->{_port})) {
- if (($dst->{_protocol} ne 'udp') and ($dst->{_protocol} ne 'tcp')) {
+ if (!((grep /tcp/, $dst->{_protocol}) or (grep /udp/, $dst->{_protocol}))) {
 die "Error: port requires tcp / udp as protocol in rule $rule\n";
 }
- }
+ }
 return 0;
 } |
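Review bot: The new check in the first hunk, `grep /tcp/, $src->{_protocol}`, is an unanchored substring match, so any protocol string that merely contains `tcp` or `udp` now passes the port validation, not only `tcp`, `udp` and their negated forms; the `$dst` check in the second hunk has the same problem. If the intent is only to admit a leading `!`, an anchored match says exactly that: `if ($src->{_protocol} !~ /^!?(?:tcp|udp)$/) {`, and likewise for `$dst`; any other value that should be allowed with a port would then have to be listed explicitly. Using `grep` on a single scalar also obscures that this is a plain pattern match, and a comment such as `# protocol may be negated ("!tcp"); a port is still only valid with tcp/udp` would record why the comparison was loosened. Whether a port combined with a negated protocol is meaningful in the rule built later cannot be judged here, because setup_base starts before the first hunk and the code that consumes these fields is not shown.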