From 78babf09417baaa89602fb706c06e2a1f6f61652 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 26 Feb 2013 10:24:25 -0800 Subject: [PATCH] Fixes for IPv6 DNAT Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Nat.pm | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm index c4460b065..ca2c8e9d3 100644 --- a/Shorewall/Perl/Shorewall/Nat.pm +++ b/Shorewall/Perl/Shorewall/Nat.pm @@ -690,10 +690,16 @@ sub handle_nat_rule( $$$$$$$$$$$$ ) { validate_range( $1, $2 ); } else { my ( $addr1, $addr2 ) = ( $1, $2 ); - $addr1 = $1 if $addr1 =~ /^\[(.+)\]$/; - $addr2 = $1 if $addr2 =~ /^\[(.+)\]$/; + + if ( $server =~ /^\[(.+)\]$/ ) { + $server = $1; + fatal_error "Correct address range syntax is '[-]'" if $server =~ /]-\[/; + assert( $server =~ /^(.+)-(.+)$/ ); + ( $addr1, $addr2 ) = ( $1, $2 ); + } + validate_range( $addr1, $addr2 ); - $server = join '-', $addr1, $addr2 + $server = join( '-', $addr1, $addr2 ); } } else { unless ( $server eq ALLIP ) { @@ -713,7 +719,6 @@ sub handle_nat_rule( $$$$$$$$$$$$ ) { } } else { for my $serv ( split /,/, $server ) { - $serv =~ s/-/]-[/; #In case this is a range. $target .= " --to-destination [${serv}]${serverport}"; } }