From c2c2dc0b22c7f0900f3d4f33ff946a6f10bfe2a7 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 18 Dec 2016 18:39:19 -0800
Subject: [PATCH] Exercise care when merging rules including -m multiport

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 4c1d67afa..c524f7e09 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1195,9 +1195,13 @@ sub compatible( $$ ) {
 	}
     }
     #
-    # Don't combine chains where each specifies '-m policy'
+    # Don't combine chains where each specifies
+    #    '-m policy'
+    #    ( --dport or --sport or -m multiport )
     #
-    return ! ( $ref1->{policy} && $ref2->{policy} );
+    return ! ( $ref1->{policy} && $ref2->{policy} ||
+	       ( ( $ref1->{multiport} && ( $ref2->{dport} || $ref2->{sport} || $ref2->{multiport} ) ) ||
+		 ( $ref2->{multiport} && ( $ref1->{dport} || $ref1->{sport} || $ref1->{multiport} ) ) ) );
 }
 
 #