holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Be sure to detect IPSET_MATCH before OLD_IPSET_MATCH.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-06-19 13:29:10 -07:00
parent d12336ec78
commit be6b08f835
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -2888,6 +2888,8 @@ sub get_set_flags( $$ ) {
my ( $setname, $option ) = @_;
my $options = $option;
require_capability( 'IPSET_MATCH' , 'ipset names in Shorewall configuration files' , '' );
$ipset_rules++;
$setname =~ s/^!//; # Caller has already taken care of leading !
@ -2986,7 +2988,6 @@ sub match_source_net( $;$\$ ) {
}
if ( $net =~ /^(!?)\+[a-zA-Z][-\w]*(\[.*\])?/ ) {
require_capability( 'IPSET_MATCH' , 'ipset names in Shorewall configuration files' , '' );
return join( '', '-m set ', $1 ? '! ' : '', get_set_flags( $net, 'src' ) );
}
@ -3036,7 +3037,6 @@ sub match_dest_net( $ ) {
}
if ( $net =~ /^(!?)\+[a-zA-Z][-\w]*(\[.*\])?$/ ) {
require_capability( 'IPSET_MATCH' , 'ipset names in Shorewall configuration files' , '');
return join( '', '-m set ', $1 ? '! ' : '', get_set_flags( $net, 'dst' ) );
}