Exercise care when merging rules including -m multiport

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-22 15:43:30 +01:00 · 2016-12-18 18:39:19 -08:00 · 2016-12-18 18:39:19 -08:00 · c2c2dc0b22
commit c2c2dc0b22
parent e3951cb5a3
1 changed files with 6 additions and 2 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -1195,9 +1195,13 @@ sub compatible( $$ ) {
 	}
    }
    #
-    # Don't combine chains where each specifies '-m policy'
+    # Don't combine chains where each specifies
+    #    '-m policy'
+    #    ( --dport or --sport or -m multiport )
    #
-    return ! ( $ref1->{policy} && $ref2->{policy} );
+    return ! ( $ref1->{policy} && $ref2->{policy} ||
+	       ( ( $ref1->{multiport} && ( $ref2->{dport} || $ref2->{sport} || $ref2->{multiport} ) ) ||
+		 ( $ref2->{multiport} && ( $ref1->{dport} || $ref1->{sport} || $ref1->{multiport} ) ) ) );
 }

 #