Flag '-' used as a port range separator

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-03-07 08:36:26 -08:00
parent 7ee96c41e0
commit f246f728e7
3 changed files with 23 additions and 2 deletions


@ -314,9 +314,11 @@ sub validate_port( $$ ) {
$value = getservbyname( $port, $proto ); $value = getservbyname( $port, $proto );
} }
fatal_error "Invalid/Unknown $proto port/service ($_[1])" unless defined $value; return $value if defined $value;
$value; fatal_error "The separator for a port range is ':', not '-' ($port)" if $port =~ /^\d+-\d+$/;
fatal_error "Invalid/Unknown $proto port/service ($_[1])" unless defined $value;
} }
sub validate_portpair( $$ ) { sub validate_portpair( $$ ) {
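Review bot: in validate_port, the `unless defined $value` modifier on the final fatal_error is now dead, because the new `return $value if defined $value;` two lines above it guarantees that $value is undefined by that point; make the last fatal_error unconditional so the control flow reads as written. The new test `$port =~ /^\d+-\d+$/` only matches two all-numeric ends, so an entry that joins a number and a service name with '-' still falls through to the generic "Invalid/Unknown" message; if the numeric-only match is deliberate, a one-line comment saying so would help. The two messages also interpolate different variables, `$port` in the new one and `$_[1]` in the old one; using the same one in both keeps the reported value consistent.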


@ -22,6 +22,8 @@ Changes in Shorewall 4.4.8
11) Don't show 'OLD' capabilities if they are not available. 11) Don't show 'OLD' capabilities if they are not available.
12) Attempt to flag use of '-' as a port-range separator.
Changes in Shorewall 4.4.7 Changes in Shorewall 4.4.7
1) Backport optimization changes from 4.5. 1) Backport optimization changes from 4.5.
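Review bot: entry 12 says "Attempt to flag" without saying what is covered; since the check added to validate_port only matches two numbers joined by '-', wording such as "Flag use of '-' as the separator in a numeric port range" would describe the change more exactly. The entry also writes "port-range" where the new error message and the release note write "port range"; pick one spelling.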


@ -328,6 +328,23 @@ None.
3) An OpenPGP HTTP Keyserver Protocol (HKP) macro (macro.HKP) has been 3) An OpenPGP HTTP Keyserver Protocol (HKP) macro (macro.HKP) has been
contributed. contributed.
4) In an attempt to help those who don't read the documentation, the
compiler now flags apparent use of '-' as a port range separator
with an error message.
Example:
/etc/shorewall/rules
#ACTION SOURCE DEST PROTO DEST
# PORT(S)
ACCEPT net fw tcp 20-22
Resulting error message
ERROR: The separator for a port range is ':', not '-' (20-22) :
/etc/shorewall/rules (line 3)
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
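Review bot: the example in item 4 shows the rejected rule and the resulting error but never the corrected rule; add the accepted form (the same ACCEPT line with 20:22 in the port column) so the note can be used on its own. The opening clause "In an attempt to help those who don't read the documentation" is better replaced with a plain statement of the behaviour, and the item should say that only numeric ranges are detected, matching the /^\d+-\d+$/ test added to validate_port.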