From b4d40835136ded79ba011d6d5fda244a72b56adb Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Fri, 8 Mar 2013 07:38:23 -0800
Subject: [PATCH] Split large '--ports' lists across multiple rules.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 03efdb744..631cd0c39 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1247,6 +1247,11 @@ sub add_rule($$;$) {
 	    # Rule has a --sports specification
 	    #
 	    handle_port_list( $chainref, $rule, 0, $1, $2, $3 )
+	} elsif ( $rule =~  /^(.* --ports\s+)([^ ]+)(.*)$/ ) {
+	    #
+	    # Rule has a --ports specification
+	    #
+	    handle_port_list( $chainref, $rule, 0, $1, $2, $3 )
 	} elsif ( $rule =~ /^(.* --icmp(?:v6)?-type\s*)([^ ]+)(.*)$/ ) {
 	    #
 	    # ICMP rule -- split it up if necessary