From 543af8bccb3f5e123858c39455eda61eba80e1e1 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Fri, 27 Nov 2009 08:56:23 -0800
Subject: [PATCH] Fix off-by-one problem

---
 Shorewall/Perl/Shorewall/Zones.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 4f5f5db68..e96c6959f 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -183,7 +183,7 @@ use constant { SIMPLE_IF_OPTION   => 1,
 	   };
 
 use constant { VIRTUAL_BASE       => 0x1000000 ,
-	       VIRTUAL_LIMIT      => 0x8000000 ,
+	       VIRTUAL_MASK       => 0xf000000 ,
 	       VIRTUAL_BITS       => 4            #Bits for virtual MASK numbers
 	   };
 
@@ -411,7 +411,7 @@ sub process_zone( \$ ) {
 	$type = FIREWALL;
     } elsif ( $type eq 'virtual' ) {
 	require_capability 'MARK_IN_FILTER' , 'virtual zones', '';
-	fatal_error "Too many virtual zones" if $virtualmark == VIRTUAL_LIMIT;
+	fatal_error "Too many virtual zones" unless $virtualmark & VIRTUAL_MASK;
 	$virtual = $virtualmark;
 	$virtualmark = $virtualmark << 1;
 	$type = VIRTUAL;