Fix NFQUEUE parsing and documentation

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Rules.pm

@@ -475,28 +475,36 @@ sub process_default_action( $$$$ ) {
 sub handle_nfqueue( $$ ) {
     my ($params, $allow_bypass ) = @_;
     my $action;
+    my ( $queue1, $queue2, $queuenum1, $queuenum2 );
 
     require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules and Policies', '' );
 
-    my ( $queue, $bypass ) = split ',', $params;
+    $params = '' unless defined $params;
 
-    if ( $queue eq 'bypass' ) {
+    my ( $queue, $bypass, $junk ) = split ',', $params;
-	fatal_error "'bypass' is not allowed in this context" unless $allow_bypass;
-	fatal_error "Invalid NFQUEUE options (bypass,$bypass)" if supplied $bypass;
-	return 'NFQUEUE --queue-bypass';
-    }
 
-    my ( $queue1, $queue2 ) = split ':', $queue;
+    fatal_error "Invalid NFQUEUE parameter list" if defined $junk;
 
-    my $queuenum1 = numeric_value( $queue1 );
+    if ( supplied $queue ) {
-    my $queuenum2;
+	if ( $queue eq 'bypass' ) {
+	    fatal_error "'bypass' is not allowed in this context" unless $allow_bypass;
+	    fatal_error "Invalid NFQUEUE options (bypass,$bypass)" if supplied $bypass;
+	    return 'NFQUEUE --queue-bypass';
+	}
 
-    fatal_error "Invalid NFQUEUE queue number ($queue1)" unless defined( $queuenum1) && $queuenum1 >= 0 && $queuenum1 <= 65535;
+	( $queue1, $queue2 ) = split ':', $queue;
 
-    if ( supplied $queue2 ) {
+	$queuenum1 = numeric_value( $queue1 );
-	$queuenum2 = numeric_value( $queue2 );
 
-	fatal_error "Invalid NFQUEUE queue number ($queue2)" unless defined( $queuenum2) && $queuenum2 >= 0 && $queuenum2 <= 65535 && $queuenum1 < $queuenum2;
+	fatal_error "Invalid NFQUEUE queue number ($queue1)" unless defined( $queuenum1) && $queuenum1 >= 0 && $queuenum1 <= 65535;
+
+	if ( supplied $queue2 ) {
+	    $queuenum2 = numeric_value( $queue2 );
+
+	    fatal_error "Invalid NFQUEUE queue number ($queue2)" unless defined( $queuenum2) && $queuenum2 >= 0 && $queuenum2 <= 65535 && $queuenum1 < $queuenum2;
+	}
+    } else {
+	$queuenum1 = 0;
     }
 
     if ( supplied $bypass ) {

Shorewall/manpages/shorewall-policy.xml

@@ -105,7 +105,7 @@
         role="bold">REJECT</emphasis>|<emphasis
         role="bold">CONTINUE</emphasis>|<emphasis
         role="bold">QUEUE</emphasis>|<emphasis
-        role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[,<replaceable>queuenumber2</replaceable>])]|<emphasis
+        role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[:<replaceable>queuenumber2</replaceable>])]|<emphasis
         role="bold">NONE</emphasis>}[<emphasis
         role="bold">:</emphasis>{<emphasis>default-action-or-macro</emphasis>[:level]|<emphasis
         role="bold">None</emphasis>}]</term>

Shorewall6/manpages/shorewall6-policy.xml

@@ -105,7 +105,7 @@
         role="bold">REJECT</emphasis>|<emphasis
         role="bold">CONTINUE</emphasis>|<emphasis
         role="bold">QUEUE</emphasis>|<emphasis
-        role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[,<replaceable>queuenumber2</replaceable>])]|<emphasis
+        role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[:<replaceable>queuenumber2</replaceable>])]|<emphasis
         role="bold">NONE</emphasis>}[<emphasis
         role="bold">:</emphasis>{<emphasis>default-action-or-macro</emphasis>[:level]|<emphasis
         role="bold">None</emphasis>}]</term>