From c00068e08d6506fac056dbb55e0a34654ad7ea2a Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 18 Dec 2011 07:21:32 -0800
Subject: [PATCH] Another correction to the 'CT' target

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Raw.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm
index ba843b851..ead71fd4f 100644
--- a/Shorewall/Perl/Shorewall/Raw.pm
+++ b/Shorewall/Perl/Shorewall/Raw.pm
@@ -60,6 +60,7 @@ sub process_notrack_rule( $$$$$$$ ) {
     my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user );
 
     my $target = $action;
+    my $exception_rule = '';
 
     unless ( $action eq 'NOTRACK' ) {
 	(  $target, my ( $option, $args, $junk ) ) = split ':', $action, 4;
@@ -76,8 +77,10 @@ sub process_notrack_rule( $$$$$$$ ) {
 
 	    if ( $option eq 'helper' ) {
 		fatal_error "Invalid helper' ($args)" if $args =~ /,/;
+		fatal_error "A protocol and destination port are required in CT:helper rules" if $ports eq '-'; 
 		do_helper( $args );
 		$action = "CT --helper $args";
+		$exception_rule = do_proto( $proto, '-', '-' );
 	    } elsif ( $option eq 'ctevents' ) {
 		for ( split ',', $args ) {
 		    fatal_error "Invalid 'ctevents' event ($_)" unless $valid_ctevent{$_};
@@ -104,7 +107,7 @@ sub process_notrack_rule( $$$$$$$ ) {
 	$action ,
 	'' ,
 	$target ,
-	'' ;
+	$exception_rule ;
 
     progress_message "  Notrack rule \"$currentline\" $done";