From 29bf9110d7c576e8c965e7f976ca364599c43391 Mon Sep 17 00:00:00 2001
From: Gaurav Sinha
Date: Mon, 10 Sep 2012 15:13:37 -0700
Subject: 8325: do port check on negated protocol input
---
 lib/Vyatta/Conntrack/RuleIgnore.pm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/Vyatta/Conntrack/RuleIgnore.pm b/lib/Vyatta/Conntrack/RuleIgnore.pm
index 7c3f668..30cd33d 100644
--- a/lib/Vyatta/Conntrack/RuleIgnore.pm
+++ b/lib/Vyatta/Conntrack/RuleIgnore.pm
@@ -80,7 +80,7 @@ sub setup_base {
 my $rule = $self->{_rule_number};
 if (($src->{_port})) {
- if (($src->{_protocol} ne 'udp') and ($src->{_protocol} ne 'tcp')) {
+ if (!((grep /tcp/, $src->{_protocol}) or (grep /udp/, $src->{_protocol}))) {
 die "Error: port requires tcp / udp as protocol in rule $rule\n";
 }
 }
@@ -89,10 +89,10 @@ sub setup_base {
 $dst->{_protocol} = $self->{_protocol};#needed to use address filter
 if (($dst->{_port})) {
- if (($dst->{_protocol} ne 'udp') and ($dst->{_protocol} ne 'tcp')) {
+ if (!((grep /tcp/, $dst->{_protocol}) or (grep /udp/, $dst->{_protocol}))) {
 die "Error: port requires tcp / udp as protocol in rule $rule\n";
 }
- }
+ }
 return 0;
 }
--
cgit v1.2.3
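Review bot: The new test `grep /tcp/, $src->{_protocol}` is an unanchored substring match, so it passes any protocol string that merely contains `tcp` or `udp`, not only the plain and negated forms the subject line is about. For a check that gates port matching in a conntrack-ignore rule, an exact match is safer, for example `if ($src->{_protocol} !~ /^!?(?:tcp|udp)$/) {` if negation is written with a leading `!`; the same applies to the `$dst->{_protocol}` test in the second hunk. It is also worth confirming that a negated value should pass at all, since "not tcp" presumably selects every other protocol, including ones that have no ports. setup_base starts above the first hunk, so how `_protocol` is populated and normalised is not visible here.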