From 5a9f179e253db55567038d15ad1159670bdd8a78 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Wed, 16 Aug 2017 15:36:18 -0700
Subject: [PATCH] Allow port variables as the server port in DNAT rules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 6b087a303..001b0cde0 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -4832,7 +4832,7 @@ sub do_proto( $$$;$ )
 				$multiport = 1;
 			    }  else {
 				fatal_error "Missing DEST PORT" unless supplied $ports;
-				$ports   = validate_portpair $pname , $ports;
+				$ports   = validate_portpair $pname , $ports unless $ports =~ /^\$/;
 				$output .= ( $srcndst ? "-m multiport ${invert}--ports ${ports} " : "${invert}--dport ${ports} " );
 			    }
 			}
@@ -5039,7 +5039,7 @@ sub do_iproto( $$$ )
 				$multiport = 1;
 			    }  else {
 				fatal_error "Missing DEST PORT" unless supplied $ports;
-				$ports   = validate_portpair $pname , $ports;
+				$ports   = validate_portpair $pname , $ports unless $ports =~ /^\$/;
 
 				if ( $srcndst ) {
 				    push @output, multiport => "${invert}--ports ${ports}";