extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 07:33:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Accept '-' as the separator in a port range.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-10-14 10:10:03 -07:00
parent 289825a76f
commit b5906812a2
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Shorewall/Perl/Shorewall/IPAddrs.pm
View File

@ -432,13 +432,18 @@ sub validate_port( $$ ) {
sub validate_portpair( $$ ) {
my ($proto, $portpair) = @_;
my $what;
my $pair = $portpair;
#
# Accept '-' as a port-range separator
#
$pair =~ tr/-/:/;
fatal_error "Invalid port range ($portpair)" if $portpair =~ tr/:/:/ > 1;
fatal_error "Invalid port range ($portpair)" if $pair =~ tr/:/:/ > 1;
$portpair = "0$portpair" if substr( $portpair, 0, 1 ) eq ':';
$portpair = "${portpair}65535" if substr( $portpair, -1, 1 ) eq ':';
$pair = "0$pair" if substr( $pair, 0, 1 ) eq ':';
$pair = "${pair}65535" if substr( $pair, -1, 1 ) eq ':';
my @ports = split /:/, $portpair, 2;
my @ports = split /:/, $pair, 2;
my $protonum = resolve_proto( $proto ) || 0;
@ -497,7 +502,7 @@ sub validate_port_list( $$ ) {
my ( $proto, $list ) = @_;
my @list = split_list( $list, 'port' );
if ( @list > 1 && $list =~ /:/ ) {
if ( @list > 1 && $list =~ /[:-]/ ) {
require_capability( 'XMULTIPORT' , 'Port ranges in a port list', '' );
}

10
docs/configuration_file_basics.xml
View File

@ -2619,6 +2619,12 @@ DNAT net loc:192.168.1.3 tcp <emphasis role="bold">4000:4100<
<para>Also, unless otherwise documented, a port range can be preceded by
'!' to specify "All ports except those in this range" (e.g.,
"!4000:4100").</para>
<para>Beginning with Shorewall 5.0.14, a hyphen ("-") may also be used to
separate the two port numbers.</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
DNAT net loc:192.168.1.3 tcp <emphasis role="bold">4000-4100</emphasis></programlisting>
</section>
<section id="Portlists">
@ -2969,8 +2975,8 @@ redirect =&gt; 137</programlisting>
then again for another hour from 23:00 onwards. If this is unwanted,
e.g. if you would like 'match for two hours from Montay 23:00
onwards' you need to also specify the <emphasis
role="bold">contiguous</emphasis> option in the example above.
</para>
role="bold">contiguous</emphasis> option in the example
above.</para>
</listitem>
</varlistentry>
</variablelist>