mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
Correct semantics of ipset lists in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
7ddc65133e
commit
0383ca7de6
@ -2201,19 +2201,15 @@ sub handle_ematch( $$ ) {
|
||||
if ( $setname =~ /^\+\[(.+)\]$/ ) {
|
||||
my @sets = split_host_list( $1, 1, 1 );
|
||||
|
||||
fatal_error "Multiple ipset matches require the Repeat Match capability in your kernel and iptables" unless $globals{KLUDGEFREE};
|
||||
|
||||
my $result = @sets > 1 ? "\\(\\\n" : '';
|
||||
my $result = '';
|
||||
my $sets = 0;
|
||||
|
||||
for $setname ( @sets ) {
|
||||
$result .= ' or' if $sets++;
|
||||
$result .= ' and' if $sets++;
|
||||
$result .= "\\\n " if @sets > 1;
|
||||
$result .= handle_ematch( $setname, $option );
|
||||
}
|
||||
|
||||
$result .= "\\\n \\)" if @sets > 1;
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user