Farkas Levente wrote: > Tom Eastep wrote: >> Farkas Levente wrote: >>> Tom Eastep wrote: >>>> Farkas Levente wrote: >>>>> hi, >>>>> it seems there is some bug in this version. i've got this error: >>>>> ERROR: Invalid port range (ms:wbt:server) : rules (line 49) >>>>> for this line in rules: >>>>> DNAT net loc:$WINDOWS_IP tcp https,pptp,ms-wbt-server,4125 >>>> To work around the problem, please replace ms-wbt-server by 3389 until I >>>> can >>>> devise a fix. >>> i already done, just wanna let you know:-) >>> >> I just posted the attached patch in the 4.0.5 Errata. > > works. >
Here's a slightly updated patch. The previous one broke the new feature allowing you to specify the server port using a service name. The errata patch has also been updated. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Index: Shorewall/Chains.pm
===================================================================
--- Shorewall/Chains.pm (revision 0)
+++ Shorewall/Chains.pm (working copy)
@@ -872,20 +872,18 @@
sub validate_portrange( $$ ) {
my ($proto, $portpair) = @_;
- if ( $portpair =~ tr/-/-/ > 1 || substr( $portpair, 0, 1 ) eq '-' || substr( $portpair, -1, 1 ) eq '-' ) {
- fatal_error "Invalid port range ($portpair)";
- }
+ if ( $portpair =~ /^(\d+)-(\d+)$/ ) {
+
+ my @ports = ( $1, $2 );
- my @ports = split /-/, $portpair, 2;
+ $_ = validate_port( proto_name( $proto ), $_) for ( @ports );
- $_ = validate_port( proto_name( $proto ), $_) for ( @ports );
-
- if ( @ports == 2 ) {
fatal_error "Invalid port range ($portpair)" unless $ports[0] < $ports[1];
+ } else {
+ $portpair = validate_port ( proto_name( $proto ), $portpair );
}
-
- join '-', @ports;
-
+
+ $portpair;
}
sub validate_port_list( $$ ) {
Index: Shorewall/Rules.pm
===================================================================
--- Shorewall/Rules.pm (revision 0)
+++ Shorewall/Rules.pm (working copy)
@@ -1186,7 +1186,7 @@
# - the target will be ACCEPT.
#
unless ( $actiontype & NATONLY ) {
- $servport =~ tr/-/:/ if $servport ne '-';
+ $servport =~ tr/-/:/ if $serverport =~ /^\d+-\d+$/;
$rule = join( '', do_proto( $proto, $servport, $sports ), do_ratelimit( $ratelimit, 'ACCEPT' ), do_user $user , do_test( $mark , 0xFF ) );
$loglevel = '';
$dest = $server;
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
