From c00068e08d6506fac056dbb55e0a34654ad7ea2a Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 18 Dec 2011 07:21:32 -0800
Subject: [PATCH] Another correction to the 'CT' target

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Raw.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm
index ba843b851..ead71fd4f 100644
--- a/Shorewall/Perl/Shorewall/Raw.pm
+++ b/Shorewall/Perl/Shorewall/Raw.pm
@@ -60,6 +60,7 @@ sub process_notrack_rule( $$$$$$$ ) {
 
 my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user );
 my $target = $action;
+ my $exception_rule = '';
 
 unless ( $action eq 'NOTRACK' ) {
 ( $target, my ( $option, $args, $junk ) ) = split ':', $action, 4;
@@ -76,8 +77,10 @@ sub process_notrack_rule( $$$$$$$ ) {
 
 if ( $option eq 'helper' ) {
 fatal_error "Invalid helper' ($args)" if $args =~ /,/;
+ fatal_error "A protocol and destination port are required in CT:helper rules" if $ports eq '-';
 do_helper( $args );
 $action = "CT --helper $args";
+ $exception_rule = do_proto( $proto, '-', '-' );
 } elsif ( $option eq 'ctevents' ) {
 for ( split ',', $args ) {
 fatal_error "Invalid 'ctevents' event ($_)" unless $valid_ctevent{$_};
@@ -104,7 +107,7 @@ sub process_notrack_rule( $$$$$$$ ) {
 $action ,
 '' ,
 $target ,
- '' ;
+ $exception_rule ;
 
 progress_message " Notrack rule \"$currentline\" $done";
 
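Review bot: `$exception_rule` is declared in the first hunk without any comment saying what it is for, and it is then set in the `helper` branch of the second hunk and passed as the final positional argument of the call that ends in the third hunk. Because that call is a long positional list whose name lies outside the hunk, a reader cannot tell what the last slot means or why the match is built from the protocol alone. I would add a comment at the declaration, for example `# Protocol-only match handed to the rule expansion below as its exception; stays '' unless CT:helper sets it`, and a short why-comment next to `do_proto( $proto, '-', '-' )` explaining why ports are deliberately dropped. This matters for review because the match decides which raw-table traffic gets a conntrack helper attached. The body of process_notrack_rule starts and ends outside these hunks.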
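Review bot: The new `fatal_error` in the `helper` branch of the second hunk says a protocol and a destination port are required, but its condition tests only `$ports eq '-'`, so a rule with a port and no protocol is not rejected by this guard. Unless the `do_proto` call at the top of the first hunk already fails on that combination (its body is not visible here), the check should cover both columns, e.g. `fatal_error "A protocol and destination port are required in CT:helper rules" if $proto eq '-' || $ports eq '-';`, assuming an omitted protocol is also written as `'-'`. It is also worth confirming that `$ports` cannot reach this line as an empty string instead of `'-'`, since the code before the hunk is not shown. If it can, the helper would be attached on a protocol-only match, which is broader than the message promises.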