author | Daniil Baturin <daniil.baturin@vyatta.com> | 2012-12-12 07:07:59 -0800 |
---|---|---|
committer | Daniil Baturin <daniil.baturin@vyatta.com> | 2012-12-12 07:07:59 -0800 |
commit | 88c4718379a463c5483ff41bcb85c8bcc4853957 (patch) | |
tree | ebcdcca110702425944aca5c7e5df098909c3e4b | |
parent | 2fe9271c46aaaa06daf6df2626766be6aa83b444 (diff) | |
Bug 8337: don't disallow using source and destination with
multiport at the same time.
-rw-r--r-- | lib/Vyatta/DstNatRule.pm | 3 | ||||
-rw-r--r-- | lib/Vyatta/NatRuleCommon.pm | 16 | ||||
-rw-r--r-- | lib/Vyatta/SrcNatRule.pm | 10 |
3 files changed, 19 insertions, 10 deletions
diff --git a/lib/Vyatta/DstNatRule.pm b/lib/Vyatta/DstNatRule.pm index 627fc16..e2aa483 100644 --- a/lib/Vyatta/DstNatRule.pm +++ b/lib/Vyatta/DstNatRule.pm @@ -291,7 +291,8 @@ sub rule_str { if ($tcp_and_udp == 1) { $comment = "\"$type-NAT-$self->{_rule_number} tcp_udp\" "; } - $rule_str .= "$src_str $dst_str" . " -m comment --comment " . $comment . " "; + my $src_dst_str = make_src_dst_str($src_str, $dst_str); + $rule_str .= " $src_dst_str " . " -m comment --comment " . $comment . " "; if ("$self->{_log}" eq "enable") { my $rule_num = $self->{_rule_number}; my $log_prefix = get_log_prefix($rule_num, $type, $log_modifier); diff --git a/lib/Vyatta/NatRuleCommon.pm b/lib/Vyatta/NatRuleCommon.pm index afde084..f0763ff 100644 --- a/lib/Vyatta/NatRuleCommon.pm +++ b/lib/Vyatta/NatRuleCommon.pm @@ -34,7 +34,7 @@ use Vyatta::TypeChecker; require Exporter; our @ISA = qw(Exporter); -our @EXPORT = qw(is_disabled get_num_ipt_rules get_log_prefix output_xml_elem); +our @EXPORT = qw(is_disabled get_num_ipt_rules get_log_prefix output_xml_elem make_src_dst_str); sub is_disabled { my $self = shift; @@ -74,6 +74,20 @@ sub output_xml_elem { print $fh " <$name>$value</$name>\n"; } +# Single port option must be before multiport one, +# rearrange if needed +sub make_src_dst_str { + my ($src_str, $dst_str) = @_; + my $src_dst_str; + if (grep /multiport/, $src_str) { + $src_dst_str = " $dst_str $src_str "; + } elsif (grep /multiport/, $dst_str) { + $src_dst_str = " $src_str $dst_str "; + } else { + $src_dst_str = " $src_str $dst_str "; + } + return $src_dst_str; +} 1; diff --git a/lib/Vyatta/SrcNatRule.pm b/lib/Vyatta/SrcNatRule.pm index 1fdc383..89623a4 100644 --- a/lib/Vyatta/SrcNatRule.pm +++ b/lib/Vyatta/SrcNatRule.pm 
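Review bot: DstNatRule.pm only changes how `rule_str` assembles the string, while the check this commit removes from SrcNatRule.pm (`cannot specify multiple ports when both source and destination ports are specified`) has no matching removal here. If DstNatRule's `rule_str` has an equivalent check outside this hunk, destination NAT rules would still be refused and the reordering done by `make_src_dst_str` would never apply to them; the rest of `rule_str` is not visible, so this needs confirming. A one-line comment above the new call, such as `# single-port option must precede the multiport one; see make_src_dst_str`, would also explain why the two strings are no longer concatenated directly.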
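Review bot: In `make_src_dst_str` the `elsif` and `else` branches build the same string, so only the first test has any effect, and the comment does not say which order is intended when both strings contain `multiport`. The body reduces to `return $src_str =~ /multiport/ ? " $dst_str $src_str " : " $src_str $dst_str ";`, which also replaces `grep /multiport/, $scalar` with a plain match. The pattern is an unanchored substring test over the whole option string, so any other text in `$src_str` containing `multiport` would trigger the swap; if those strings can carry user-chosen names (not visible here), the match should be tied to the option token itself. Because this commit drops the config-time rejection in SrcNatRule.pm, the generated rule now depends on this reordering being correct, so tests for source-multiport, destination-multiport and both-multiport inputs are worth adding.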
@@ -288,13 +288,6 @@ sub rule_str { my ($dst_str, $dst_err) = $dst->rule(); return ($dst_err, undef) if (!defined($dst_str)); - if ((grep /multiport/, $src_str) || (grep /multiport/, $dst_str)) { - if ((grep /sport/, $src_str) && (grep /dport/, $dst_str)) { - return ('cannot specify multiple ports when both source and destination ' - . 'ports are specified', undef); - } - } - # if using netmap then source address should have the same prefix # as the outside|inside address depending on the whether the type is src|dst if ($use_netmap) { @@ -330,7 +323,8 @@ sub rule_str { if ($tcp_and_udp == 1) { $comment = "\"$type-NAT-$self->{_rule_number} tcp_udp\" "; } - $rule_str .= " $src_str $dst_str" . " -m comment --comment " . $comment; + my $src_dst_str = make_src_dst_str($src_str, $dst_str); + $rule_str .= " $src_dst_str" . " -m comment --comment " . $comment; if ("$self->{_log}" eq "enable") { my $rule_num = $self->{_rule_number}; my $log_prefix = get_log_prefix($rule_num, $type, $log_modifier); |