From 646a259f2ed75ef1d5ef7dad4e58cd9a441b1bc3 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 17 Jul 2002 21:42:30 +0000
Subject: [PATCH] Improve source/dest checking in 'check'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@140 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 8 ++++++++
 Shorewall/rules | 3 ++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 88b7bcb15..681e8330c 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -658,6 +658,14 @@ validate_rule() {
 case "$logtarget" in
 REJECT)
 target=reject
+ [ -n "$servport" ] && \
+ startup_error "Error: server port may not be specified in a REJECT rule;"\
+ "rule: \"$rule\""
+ ;;
+ ACCEPT)
+ [ -n "$servport" ] && \
+ startup_error "Error: server port may not be specified in an ACCEPT rule;"\
+ "rule: \"$rule\""
 ;;
 REDIRECT)
 [ -n "$serv" ] && startup_error "Error: REDIRECT rules cannot"\
diff --git a/Shorewall/rules b/Shorewall/rules
index 274648997..514471c5f 100755
--- a/Shorewall/rules
+++ b/Shorewall/rules
@@ -71,7 +71,8 @@
 # The port that the server is listening on may be
 # included and separated from the server's IP address by
 # ":". If omitted, the firewall will not modifiy the
-# destination port.
+# destination port. A destination port may only be
+# included if the ACTION is DNAT or REDIRECT.
 #
 # Example: loc:192.168.1.3:3128 specifies a local
 # server at IP address 192.168.1.3 and listening on port
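Review bot: The server-port check in validate_rule() is written as a per-target deny-list (one copy under `REJECT)`, one under the new `ACCEPT)` arm), while the rule this commit documents in Shorewall/rules is an allow-list: a port is valid only when the ACTION is DNAT or REDIRECT. Any other target that this `case` handles outside the hunk would still take a non-empty `$servport` without complaint, so a rule can look port-scoped to the administrator when the port is not applied. A single guard placed before the `case`, e.g. `case "$logtarget" in DNAT|REDIRECT) ;; *) [ -n "$servport" ] && startup_error "Error: server port may only be specified in a DNAT or REDIRECT rule; rule: \"$rule\"" ;; esac`, fails closed for every target and removes the duplicated message. The `case` statement and validate_rule() both start and end outside the hunk, so the remaining arms and the exact target spellings could not be checked here.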