From 3d7df0dd621b0d0ca1fd0115f1f74d3334114d52 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 8 Oct 2003 18:45:26 +0000
Subject: [PATCH] Correct icmp fix
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@761 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 STABLE/firewall | 18 ++++++++----------
 Shorewall/firewall | 18 ++++++++----------
 2 files changed, 16 insertions(+), 20 deletions(-)
diff --git a/STABLE/firewall b/STABLE/firewall
index b7c3a4d66..db7c2125e 100755
--- a/STABLE/firewall
+++ b/STABLE/firewall
@@ -2761,13 +2761,13 @@ process_rule() # $1 = target
 # Generate Netfilter rule(s)
+ protocol=${protocol:=all}
+
 case $logtarget in
 DNAT*)
- if [ -n "$MULTIPORT" -a \
- "$protocol" != "icmp" -a \
- "$protocol" != "ICMP" -a \
- "$protocol" != "1" -a \
- "$ports" = "${ports%:*}" -a \
+ if [ -n "$MULTIPORT" ] && \
+ ! list_search $protocol "icmp" "ICMP" "1" && \
+ [ "$ports" = "${ports%:*}" -a \
 "$cports" = "${cports%:*}" -a \
 `list_count $ports` -le 15 -a \
 `list_count $cports` -le 15 ]
@@ -2803,11 +2803,9 @@ process_rule() # $1 = target
 ;;
 *)
- if [ -n "$MULTIPORT" -a \
- "$protocol" != "icmp" -a \
- "$protocol" != "ICMP" -a \
- "$protocol" != "1" -a \
- "$ports" = "${ports%:*}" -a \
+ if [ -n "$MULTIPORT" ] && \
+ ! list_search $protocol "icmp" "ICMP" "1" && \
+ [ "$ports" = "${ports%:*}" -a \
 "$cports" = "${cports%:*}" -a \
 `list_count $ports` -le 15 -a \
 `list_count $cports` -le 15 ]
diff --git a/Shorewall/firewall b/Shorewall/firewall
index b7c3a4d66..db7c2125e 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -2761,13 +2761,13 @@ process_rule() # $1 = target
 # Generate Netfilter rule(s)
+ protocol=${protocol:=all}
+
 case $logtarget in
 DNAT*)
- if [ -n "$MULTIPORT" -a \
- "$protocol" != "icmp" -a \
- "$protocol" != "ICMP" -a \
- "$protocol" != "1" -a \
- "$ports" = "${ports%:*}" -a \
+ if [ -n "$MULTIPORT" ] && \
+ ! list_search $protocol "icmp" "ICMP" "1" && \
+ [ "$ports" = "${ports%:*}" -a \
 "$cports" = "${cports%:*}" -a \
 `list_count $ports` -le 15 -a \
 `list_count $cports` -le 15 ]
@@ -2803,11 +2803,9 @@ process_rule() # $1 = target
 ;;
 *)
- if [ -n "$MULTIPORT" -a \
- "$protocol" != "icmp" -a \
- "$protocol" != "ICMP" -a \
- "$protocol" != "1" -a \
- "$ports" = "${ports%:*}" -a \
+ if [ -n "$MULTIPORT" ] && \
+ ! list_search $protocol "icmp" "ICMP" "1" && \
+ [ "$ports" = "${ports%:*}" -a \
 "$cports" = "${cports%:*}" -a \
 `list_count $ports` -le 15 -a \
 `list_count $cports` -le 15 ]
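Review bot: `$protocol` is passed unquoted in `! list_search $protocol "icmp" "ICMP" "1"`, in both the `DNAT*)` and `*)` branches here and in the identical STABLE/firewall hunks, so the test still relies on word splitting of a value that presumably comes from the rules file. The new `protocol=${protocol:=all}` default covers the empty case, but a value containing whitespace or glob characters would still shift the arguments; I would write `! list_search "$protocol" "icmp" "ICMP" "1"`. The list also matches only three exact spellings, so a mixed-case entry such as `Icmp` would, as far as these hunks show, still take the multiport path. A one-line comment above the test saying why ICMP has to be kept out of that path would help the next maintainer. The enclosing function starts and ends outside the hunks and list_search is defined elsewhere, so its exact matching rules should be confirmed.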