From 8c92588e14733680b1b63d10e57af169c1f6066b Mon Sep 17 00:00:00 2001
From: teastep
Date: Mon, 15 Dec 2008 23:31:26 +0000
Subject: [PATCH] Fix iprange handling in IPv6 rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9067 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Chains.pm | 8 +++++---
 Shorewall-perl/Shorewall/Rules.pm | 2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index effe2bdda..10b600423 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -596,7 +596,7 @@ sub use_forward_chain($) {
 #
 # Interface associated with a single zone -- Must use the interface chain if
 # the zone has multiple interfaces
- #
+ # and this chain has option rules
 $interfaceref->{options}{use_forward_chain} && keys %{ zone_interfaces( $zone ) } > 1;
 }
@@ -1565,7 +1565,8 @@ sub match_source_net( $;$ ) {
 $restriction |= NO_RESTRICT;
- if ( $net =~ /^(!?)(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ) {
+ if ( $family == F_IPV4 && $net =~ /^(!?)(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ||
+ $family == F_IPV6 && $net =~ /^(!?)(.*:.*)-(.*:.*)$/ ) {
 my ($addr1, $addr2) = ( $2, $3 );
 $net =~ s/!// if my $invert = $1 ? '! ' : '';
 validate_range $addr1, $addr2;
@@ -1591,7 +1592,8 @@ sub match_source_net( $;$ ) {
 sub match_dest_net( $ ) {
 my $net = $_[0];
- if ( $net =~ /^(!?)(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ) {
+ if ( $family == F_IPV4 && $net =~ /^(!?)(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ||
+ $family == F_IPV6 && $net =~ /^(!?)(.*:.*)-(.*:.*)$/ ) {
 my ($addr1, $addr2) = ( $2, $3 );
 $net =~ s/!// if my $invert = $1 ? '! ' : '';
 validate_range $addr1, $addr2;
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index e25db8683..3c61ae4b3 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
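Review bot: In Shorewall/Chains.pm, the IPv6 branch added to the range test in match_source_net (and repeated unchanged in match_dest_net) uses `/^(!?)(.*:.*)-(.*:.*)$/`, which accepts any characters, whitespace included, on either side of the dash as long as each side contains a colon. The captures go straight to validate_range, whose body is outside these hunks, so unless that function strictly rejects malformed IPv6 addresses the text presumably reaches the generated rule unchanged. Restricting the captures to address characters would make the pattern safe on its own, for example `$family == F_IPV6 && $net =~ /^(!?)([[:xdigit:]:.]*:[[:xdigit:]:.]*)-([[:xdigit:]:.]*:[[:xdigit:]:.]*)\z/ ) {`. Both functions continue past the end of their hunks, and because the two-line condition is now duplicated, a shared precompiled pattern would keep the two copies from drifting apart.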
@@ -624,6 +624,8 @@ sub add_common_rules() {
 for $interface ( @$list ) {
 set_interface_option $interface, 'use_input_chain', 1;
+ set_interface_option $interface, 'use_forward_chain', 1;
+
 for $chain ( input_chain $interface, output_chain $interface ) {
 add_rule $filter_table->{$chain} , "-p udp --dport $ports -j ACCEPT";
 }
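Review bot: The new `set_interface_option $interface, 'use_forward_chain', 1;` in add_common_rules has no comment and is not covered by the commit subject, which is only about iprange handling. The visible loop adds ACCEPT rules to the interface's input and output chains only, so this hunk does not show why the forward chain must also be forced; a forward-chain rule is presumably added further down, outside the hunk. Since the option appears to change which chain forwarded traffic on the interface is evaluated in, I would put a line above the two calls such as `# Option rules are added for this interface, so its own input and forward chains must be used`. The enclosing function starts and ends outside the hunk.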