From 84c5822c20bed2d443def51c4c224c26e9d95bb5 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 11 Feb 2013 16:45:03 -0800
Subject: [PATCH] Correct IPv6 List Handling

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 84 ++++++++++++++++++------------
 1 file changed, 50 insertions(+), 34 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 5b18592ed..d2153cb3d 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -6372,24 +6372,32 @@ sub isolate_source_interface( $ ) {
 	} else {
 	    $iiface = $source;
 	}
-    } elsif  ( $source =~ /^(.+?):<(.+)>\s*$/   ||
-	       $source =~ /^(.+?):\[(.+)\]\s*$/ ||
-	       $source =~ /^(.+?):(!?\+.+)$/    ||
-	       $source =~ /^(.+?):(!?[&%].+)$/  ||
-	       $source =~ /^(.+?):(\[.+\]\/(?:\d+))\s*$/
-	     ) {
-	$iiface = $1;
-	$inets  = $2;
-    } elsif ( $source =~ /:/ ) {
-	if ( $source =~ /^<(.+)>$/ || $source =~ /^\[(.+)\]$/ ) {
-	    $inets = $1;
-	} else {
-	    $inets = $source;
-	}
-    } elsif ( $source =~ /(?:\+|&|%|~|\..*\.)/ || $source =~ /^!?\^/ ) {
-	$inets = $source;
     } else {
-	$iiface = $source;
+	$source =~ tr/<>/[]/;
+
+	if ( $source =~ /^(.+?):(\[(?:.+)\],\[(?:.+)\])$/ ) {
+	    $iiface = $1;
+	    $inets  = $2;
+	} elsif ( $source =~ /^(.+?):\[(.+)\]\s*$/ ||
+		  $source =~ /^(.+?):(!?\+.+)$/    ||
+		  $source =~ /^(.+?):(!?[&%].+)$/  ||
+		  $source =~ /^(.+?):(\[.+\]\/(?:\d+))\s*$/
+		) {
+	    $iiface = $1;
+	    $inets  = $2;
+	} elsif ( $source =~ /:/ ) {
+	    if ( $source =~ /^\[(?:.+)\],\[(?:.+)\]$/ ){
+		$inets = $source;
+	    } elsif ( $source =~ /^\[(.+)\]$/ ) {
+		$inets = $1;
+	    } else {
+		$inets = $source;
+	    }
+	} elsif ( $source =~ /(?:\+|&|%|~|\..*\.)/ || $source =~ /^!?\^/ ) {
+	    $inets = $source;
+	} else {
+	    $iiface = $source;
+	}
     }
 
     ( $iiface, $inets );
@@ -6482,24 +6490,32 @@ sub isolate_dest_interface( $$$$ ) {
 	} else {
 	    $diface = $dest;
 	}
-    } elsif ( $dest =~ /^(.+?):<(.+)>\s*$/   || 
-	      $dest =~ /^(.+?):\[(.+)\]\s*$/ ||
-	      $dest =~ /^(.+?):(!?\+.+)$/    ||
-	      $dest =~ /^(.+?):(!?[&%].+)$/  ||
-	      $dest =~ /^(.+?):(\[.+\]\/(?:\d+))\s*$/
-	    ) {
-	$diface = $1;
-	$dnets  = $2;
-    } elsif ( $dest =~ /:/ ) {
-	if ( $dest =~ /^<(.+)>$/ || $dest =~ /^\[(.+)\]$/ ) {
-	    $dnets = $1;
-	} else {
-	    $dnets = $dest;
-	}
-    } elsif ( $dest =~ /(?:\+|&|\..*\.)/ || $dest =~ /^!?\^/ ) {
-	$dnets = $dest;
     } else {
-	$diface = $dest;
+	$dest =~ tr/<>/[]/;
+
+	if ( $dest =~ /^(.+?):(\[(?:.+)\],\[(?:.+)\])$/ ) {
+	    $diface = $1;
+	    $dnets  = $2;
+	} elsif (  $dest =~ /^(.+?):\[(.+)\]\s*$/ ||
+		   $dest =~ /^(.+?):(!?\+.+)$/    ||
+		   $dest =~ /^(.+?):(!?[&%].+)$/  ||
+		   $dest =~ /^(.+?):(\[.+\]\/(?:\d+))\s*$/
+		) {
+	    $diface = $1;
+	    $dnets  = $2;
+	} elsif ( $dest =~ /:/ ) {
+	    if ( $dest =~ /^\[(?:.+)\],\[(?:.+)\]$/ ){
+		$dnets = $dest;
+	    } elsif ( $dest =~ /^\[(.+)\]$/ ) {
+		$dnets = $1;
+	    } else {
+		$dnets = $dest;
+	    }
+	} elsif ( $dest =~ /(?:\+|&|\..*\.)/ || $dest =~ /^!?\^/ ) {
+	    $dnets = $dest;
+	} else {
+	    $diface = $dest;
+	}
     }
 
     ( $diface, $dnets, $rule );