From 33dc8de8fbb42ea71d1125784be74ad97e4a8e4f Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 5 Sep 2010 11:41:35 -0700
Subject: [PATCH] Allow dash's in ipset names

---
 Shorewall/Perl/Shorewall/Chains.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 2d7ae724a..4a6df26c0 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -2523,7 +2523,7 @@ sub match_source_net( $;$ ) {
     } elsif ( $net =~ /^!?~/ ) {
 	fatal_error "MAC address cannot be used in this context" if $restriction >= OUTPUT_RESTRICT;
 	mac_match $net;
-    } elsif ( $net =~ /^(!?)\+[a-zA-Z]\w*(\[.*\])?/ ) {
+    } elsif ( $net =~ /^(!?)\+[a-zA-Z][-\w]*(\[.*\])?/ ) {
 	require_capability( 'IPSET_MATCH' , 'ipset names in Shorewall configuration files' , '' );
 	join( '', '-m set ', $1 ? '! ' : '', get_set_flags( $net, 'src' ) );
     } elsif ( $net =~ s/^!// ) {
@@ -2547,7 +2547,7 @@ sub match_dest_net( $ ) {
 	$net =~ s/!// if my $invert = $1 ? '! ' : '';
 	validate_range $addr1, $addr2;
 	iprange_match . "${invert}--dst-range $net ";
-    } elsif ( $net =~ /^(!?)\+[a-zA-Z]\w*(\[.*\])?$/ ) {
+    } elsif ( $net =~ /^(!?)\+[a-zA-Z][-\w]*(\[.*\])?$/ ) {
 	require_capability( 'IPSET_MATCH' , 'ipset names in Shorewall configuration files' , '');
 	join( '', '-m set ', $1 ? '! ' : '',  get_set_flags( $net, 'dst' ) );
     } elsif ( $net =~ /^!/ ) {