Little cleanup of Steven's patch

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5985 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-04-17 22:05:40 +00:00 · 2007-04-17 22:05:40 +00:00 · ddc6b76e93
commit ddc6b76e93
parent cffa16852b
1 changed files with 2 additions and 5 deletions
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@ -647,7 +647,6 @@ sub do_proto( $$$ )
 	    my @ports = split /,/, $ports;
 	    my $count = @ports;
 	    if ( $count ) {
 		if ( $count > 1 ) {
 		    fatal_error "Port list requires Multiport support in your kernel/iptables: $ports" unless $capabilities{MULTIPORT};
@ -669,7 +668,6 @@ sub do_proto( $$$ )
 	    @ports = split /,/, $sports;
 	    $count = @ports;
 	    if ( $count ) {
 		if ( $count > 1 ) {
 		    fatal_error "Port list requires Multiport support in your kernel/iptables: $sports" unless $capabilities{MULTIPORT};
@ -689,10 +687,9 @@ sub do_proto( $$$ )
 	    }
 	} elsif ( $proto =~ /^(icmp|1)$/i ) {
 	    my @ports = split /,/, $ports;
-	    my $count = @ports;
+	    fatal_error 'Multiple ICMP types are not permitted' if @ports > 1;
 	    fatal_error 'Multiple ICMP types are not permitted' if $count > 1;
 	    $output .= "-p icmp ";
-	    $output .= "--icmp-type $ports " if $count;
+	    $output .= "--icmp-type $ports " if @ports;
 	    fatal_error 'SOURCE PORT(S) not permitted with ICMP' if $sports ne '';
 	} elsif ( $proto =~ /^(ipp2p(:(tcp|udp|all)))?$/i ) {
 	    require_capability( 'IPP2P' , 'PROTO = ipp2p' );