Speed up multiport selection code

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@53 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/firewall

@@ -1515,13 +1515,16 @@ process_rule() {
         case $proto in
 	    tcp|udp|TCP|UDP|6|17)
 	    	if [ -n "$port" -a "x${port}" != "x-" ]; then
-		    [ `list_count $port` -gt 1 ] && \
+		    [ -n "$multioption" ] && \
+		    [ "$port" != "${port%,*}" ] && \
 			multiport="$multioption"
 		    dports="--dport $port"
 	        fi
 
 		if [ -n "$cport" -a "x${cport}" != "x-" ]; then
-		    [ `list_count $cport` -gt 1 ] && \
+		    [ -n "$multioption" ] && \
+		    [ -z "$multiport" ] && \
+		    [ "$cport" != "${cport%,*}" ] && \
 			multiport="$multioption"
 		    sports="--sport $cport"
 		fi

Shorewall/shorewall.conf

@@ -210,8 +210,9 @@ NAT_BEFORE_RULES=Yes
 
 # MULTIPORT
 #
-# If your kernel supports the multiport match option, you may enable it's use
-# here. When this option is enabled by setting it's value to "Yes" or "yes":
+# If your kernel includes the multiport match option
+# (CONFIG_IP_NF_MATCH_MULTIPORT), you may enable it's use here. When this
+# option is enabled by setting it's value to "Yes" or "yes":
 #
 #	1) If you list more that 15 ports in a comma-seperated list in
 #	   /etc/shorewall/rules, Shorewall will not use the multiport option
@@ -221,6 +222,8 @@ NAT_BEFORE_RULES=Yes
 #	   rule, Shorewall will not use the multiport option but will generate
 #	   a separate rule for each element of each port list.
 #
+# See the /etc/shorewall/rules file for additional information on this option.
+#
 # if this variable is not set or is set to the empty value, "No" is assumed.
 
 MULTIPORT=No