From c3d35b6ed67847841cace7d2e04c987df1273c90 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 19 Apr 2007 21:14:18 +0000 Subject: [PATCH] Fix a couple of more bugs git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6024 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/Chains.pm | 11 ++++++++--- Shorewall-perl/Shorewall/Rules.pm | 1 + 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index 74cbdc025..4bc2fd7de 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -650,8 +650,13 @@ sub do_proto( $$$ ) $sports = '' if $sports eq '-'; if ( $proto ) { - if ( $proto =~ /^(tcp|udp|6|17)$/i ) { - $output = "-p $proto "; + if ( $proto =~ /^((tcp|6)((:syn)?))|(udp|17)$/ ) { + + if ( $3 ) { + $output = '-p tcp --syn '; + } else { + $output = "-p $proto "; + } if ( $ports ) { if ( $ports =~ tr/,/,/ > 0 ) { @@ -1338,7 +1343,7 @@ sub expand_rule( $$$$$$$$$$ ) # # We have non-trivial exclusion -- need to create an exclusion chain # - fatal_error "Exclusion is not possible in CONTINUE rules" if $disposition eq 'RETURN'; + fatal_error "Exclusion is not possible in CONTINUE/NONAT rules" if $disposition eq 'RETURN'; my $echain = newexclusionchain; diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index 8c5588812..26483eafa 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm @@ -998,6 +998,7 @@ sub process_rule1 ( $$$$$$$$$ ) { } else { if ( $action eq 'SAME' ) { fatal_error 'Port mapping not allowed in SAME rules' if $serverport; + fatal_error 'SAME not allowed with SOURCE=$FW' if $sourcezone eq $firewall_zone; $target = '-j SAME '; for my $serv ( split /,/, $server ) { $target .= "--to $serv ";
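Review bot: In the first Chains.pm hunk (do_proto) the new pattern `/^((tcp|6)((:syn)?))|(udp|17)$/` is no longer anchored at both ends, because the top-level `|` splits it into `^((tcp|6)((:syn)?))` and `(udp|17)$`. A protocol value that only starts with `tcp` or `6` (such as `60` or `tcp:synx`) or only ends with `udp` or `17` (such as `117`) now enters the port-handling branch, so a mistyped protocol in a firewall rule is compiled as if it were TCP or UDP rather than being treated as something else. Grouping the alternation restores the strict match: `if ( $proto =~ /^(?:(tcp|6)(:syn)?|(udp|17))$/ ) {`, with the inner test changed to `if ( $2 ) {`. The `/i` flag was also dropped, so `TCP` and `UDP` no longer match here; whether that is intended cannot be told from the hunk, and the rest of do_proto lies outside it.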