From 1d4f189b5f638c045c00626b9640c6e41ecd6754 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 25 Feb 2013 17:26:17 -0800
Subject: [PATCH] Don't allow interior brackets in an address range.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Nat.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index a5fbea9d6..a2e4115e5 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -277,8 +277,10 @@ sub process_one_masq1( $$$$$$$$$$ )
 
 				$addr = $1;
 
-				if ( $addr =~ /^(.+)]-\[(.+)$/ ) {
+				if ( $addr =~ /^(.+)-(.+)$/ ) {
+				    fatal_error "Correct address range syntax is '[<addr1>-<addr2>]'" if $addr =~ /]-\[/;
 				    validate_range( $1, $2 );
+				    $addr =~ s/]-\[/-/;
 				} else {
 				    validate_address $addr, 0;
 				}