-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 10/16/2016 12:49 PM, Steven Jan Springl wrote:
> Tom
>
> Rule
>
> ACCEPT lan fw tcp tacacs-ds:krb_prop
>
> Produces the following error message:
>
> ERROR: Invalid port range (tacacs-ds:krb_prop)
>
> This worked in previous releases.
>
The attached patch corrects the problem by restricting '-' as a
port-range delimiter to the case where port numbers are used rather
than service names.
Thanks Steve,
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYA9+jAAoJEJbms/JCOk0Qs8sQALDCDve+xLJaQTMGu2QJe5PD
3GIYf1RpsDG0Su6b3Rt0iMUFGWo2REfEEGGW0SxO3heHMY5IFRmurgYDd5Eff1/o
HKgd92W/1uqn43kbmhqWU2tqxyEqQqMMEdRKfroGDczve6A/7bW2dayvL89E3f0j
HqQHANzkL+wJKYAiPdJGdYZ9xj1wrqSoP9cToH+iS/IgAawk6xD9HBT191DGQC90
Zp+GzHjtDz44NbkxeN0Qoer5N3damh0dWcl75PqgJJaJe07jfj21AzOvTMNaot3X
QmRo7s4LcOXf8GTwZjf1qP+ahrL0u4Mo424MpVZblwbhc2YY6DQMpZVBXK3n4ZiJ
nIUjzB2/skQSttUvlYvEkVQynFwW/vka+2PDgpZkqVert/HSh4s9/+3as0oPS9Gz
haE0RAOoQfwWfy2Kl4PR/5LNpJbFeti+By/FKoN/xVG0sFUhXzuGyHgwwL/lAO/6
EmolyXbvlJ0NRwvRvRQ9CwI+B8mFfZSvDHFk/ClTGe0H30afnvkymVv6IIelRYzn
CaM+LLY46U6TGBoEjzYrVqm/5fh+utEGK6GxmlSQ9YlKgLI/HdQ1Ssff5LnloQLS
hAKNen9kh/ap02H6Ii9N860K9Sm3lLw+eJMQIyKKW4kqmPVaeRczVVYhhGcVx3Q9
q4ziI+5mkoSRPrfVGFUN
=wjPy
-----END PGP SIGNATURE-----
diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm
index 2d1ae26..b358848 100644
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@@ -436,7 +436,7 @@ sub validate_portpair( $$ ) {
#
# Accept '-' as a port-range separator
#
- $pair =~ tr/-/:/;
+ $pair =~ tr/-/:/ if $pair =~ /^[-0-9]+$/;
fatal_error "Invalid port range ($portpair)" if $pair =~ tr/:/:/ > 1;
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel