Flag '-' used as a port range separator

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/IPAddrs.pm

@@ -314,9 +314,11 @@ sub validate_port( $$ ) {
 	$value = getservbyname( $port, $proto );
     }
 
-    fatal_error "Invalid/Unknown $proto port/service ($_[1])" unless defined $value;
+    return $value if defined $value;
 
-    $value;
+    fatal_error "The separator for a port range is ':', not '-' ($port)" if $port =~ /^\d+-\d+$/;
+
+    fatal_error "Invalid/Unknown $proto port/service ($_[1])" unless defined $value;
 }
 
 sub validate_portpair( $$ ) {

Shorewall/changelog.txt

@@ -22,6 +22,8 @@ Changes in Shorewall 4.4.8
 
 11) Don't show 'OLD' capabilities if they are not available.
 
+12) Attempt to flag use of '-' as a port-range separator.
+
 Changes in Shorewall 4.4.7
 
 1)  Backport optimization changes from 4.5.

Shorewall/releasenotes.txt

@@ -328,6 +328,23 @@ None.
 
 3)  An OpenPGP HTTP Keyserver Protocol (HKP) macro (macro.HKP) has been
     contributed.
+
+4)  In an attempt to help those who don't read the documentation, the
+    compiler now flags apparent use of '-' as a port range separator
+    with an error message.
+
+    Example:
+
+    /etc/shorewall/rules
+
+       #ACTION    SOURCE     DEST      PROTO    DEST
+       #                                        PORT(S)
+       ACCEPT	  net        fw        tcp      20-22
+
+    Resulting error message
+
+       ERROR: The separator for a port range is ':', not '-' (20-22) : 
+              /etc/shorewall/rules (line 3)
  
 ----------------------------------------------------------------------------
 V I.  P R O B L E M S  C O R R E C T E D  A N D  N E W   F E A T U R E S