From 468167f9e52f57dbc91d0e642d03396fc1e1441e Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 24 Mar 2015 09:23:15 -0700 Subject: [PATCH] Apply nfw's fix for IP[6]TABLES in the conntrack file Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Raw.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm index 91a591c41..1528bb94a 100644 --- a/Shorewall/Perl/Shorewall/Raw.pm +++ b/Shorewall/Perl/Shorewall/Raw.pm @@ -113,7 +113,7 @@ sub process_conntrack_rule( $$$$$$$$$$ ) { $action = $1; $disposition = $1; } - } elsif ( $action =~ /^IP(6)?TABLES\((.+)\)(:(.*))$/ ) { + } elsif ( $action =~ /^IP(6)?TABLES\((.+)\)(:(.*))?$/ ) { if ( $family == F_IPV4 ) { fatal_error 'Invalid conntrack ACTION (IP6TABLES)' if $1; } else { @@ -125,8 +125,8 @@ sub process_conntrack_rule( $$$$$$$$$$ ) { fatal_error "Unknown target ($tgt)" unless $target_type; fatal_error "The $tgt TARGET is not allowed in the raw table" unless $target_type & RAW_TABLE; $disposition = $tgt; - $action = 2; - validate_level( $level = $3 ) if supplied $3; + $action = $2; + validate_level( $level = $4 ) if supplied $4; } else { ( $disposition, my ( $option, $args ), $level ) = split ':', $action, 4;