From fd2fcc996f0c78d39465c9688975c432ab7047ea Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 10 Mar 2013 08:32:45 -0700
Subject: [PATCH] Don't allow port redirection with UDPLITE
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Nat.pm | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index b918b0479..97eb90a47 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -641,6 +641,10 @@ sub handle_nat_rule( $$$$$$$$$$$$ ) {
 $server = $1; # May be empty
 $serverport = $2; # Not Empty due to RE
+ my ( $p ) = split( ':', $proto ); # Might be "tcp:syn"
+
+ fatal_error "Port-redirection is not supported for UDPLITE" if resolve_proto( $p ) == UDPLITE;
+
 $origdstports = validate_port( $proto, $ports ) if $ports && $ports ne '-' && port_count( $ports ) == 1;
 if ( $serverport =~ /^(\d+)-(\d+)$/ ) {
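Review bot: The added guard compares `resolve_proto( $p ) == UDPLITE` without checking that the lookup produced a value, so an empty or placeholder `$proto` (the next line shows `-` used as a placeholder for `$ports`) would make the comparison quietly false rather than give a clear diagnostic. `resolve_proto` is defined outside this hunk, so its return for an unknown name is an assumption to confirm; if it can be undef, split the check as `my $protonum = resolve_proto( $p );` followed by `fatal_error "Port-redirection is not supported for UDPLITE" if defined $protonum && $protonum == UDPLITE;`. The check also rejects one named protocol instead of accepting only protocols known to support port rewriting, so a short comment above it such as `# UDPLITE cannot be used with a server port; reject at compile time` would record why this case is singled out. The enclosing branch of `handle_nat_rule` starts and ends outside the hunk, so whether every path that sets `$serverport` reaches this check cannot be confirmed from here.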