Correct semantics of ipset lists in tcfilters

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2014-02-04 12:27:46 -08:00
parent 7ddc65133e
commit 0383ca7de6


@ -2201,19 +2201,15 @@ sub handle_ematch( $$ ) {
if ( $setname =~ /^\+\[(.+)\]$/ ) { if ( $setname =~ /^\+\[(.+)\]$/ ) {
my @sets = split_host_list( $1, 1, 1 ); my @sets = split_host_list( $1, 1, 1 );
fatal_error "Multiple ipset matches require the Repeat Match capability in your kernel and iptables" unless $globals{KLUDGEFREE}; my $result = '';
my $result = @sets > 1 ? "\\(\\\n" : '';
my $sets = 0; my $sets = 0;
for $setname ( @sets ) { for $setname ( @sets ) {
$result .= ' or' if $sets++; $result .= ' and' if $sets++;
$result .= "\\\n " if @sets > 1; $result .= "\\\n " if @sets > 1;
$result .= handle_ematch( $setname, $option ); $result .= handle_ematch( $setname, $option );
} }
$result .= "\\\n \\)" if @sets > 1;
return $result; return $result;
} }