Allow port variables as the server port in DNAT rules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-08-16 15:36:18 -07:00 · 2017-08-16 15:36:18 -07:00 · 5a9f179e25
commit 5a9f179e25
parent d8eca457de
1 changed files with 2 additions and 2 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -4832,7 +4832,7 @@ sub do_proto( $$$;$ )
 				$multiport = 1;
 			    }  else {
 				fatal_error "Missing DEST PORT" unless supplied $ports;
-				$ports   = validate_portpair $pname , $ports;
+				$ports   = validate_portpair $pname , $ports unless $ports =~ /^\$/;
 				$output .= ( $srcndst ? "-m multiport ${invert}--ports ${ports} " : "${invert}--dport ${ports} " );
 			    }
 			}
@ -5039,7 +5039,7 @@ sub do_iproto( $$$ )
 				$multiport = 1;
 			    }  else {
 				fatal_error "Missing DEST PORT" unless supplied $ports;
-				$ports   = validate_portpair $pname , $ports;
+				$ports   = validate_portpair $pname , $ports unless $ports =~ /^\$/;

 				if ( $srcndst ) {
 				    push @output, multiport => "${invert}--ports ${ports}";