for port range a:b, we need to check that b > a
this kind of range is invalid 80:22 80:ssh http:ssh Signed-off-by: Alexandre Derumier <[email protected]> --- PVE/Firewall.pm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm index 45c2b20..fb89290 100644 --- a/PVE/Firewall.pm +++ b/PVE/Firewall.pm @@ -389,6 +389,7 @@ sub get_etc_services { if ($line =~ m!^(\S+)\s+(\S+)/(tcp|udp).*$!) { $services->{byid}->{$2}->{name} = $1; + $services->{byid}->{$2}->{port} = $2; $services->{byid}->{$2}->{$3} = 1; $services->{byname}->{$1} = $services->{byid}->{$2}; } @@ -457,9 +458,13 @@ sub parse_port_name_number_or_range { my $nbports = 0; foreach my $item (split(/,/, $str)) { my $portlist = ""; + my $oldpon = undef; foreach my $pon (split(':', $item, 2)) { + $pon = $services->{byname}->{$pon}->{port} if $services->{byname}->{$pon}->{port}; if ($pon =~ m/^\d+$/){ die "invalid port '$pon'\n" if $pon < 0 && $pon > 65535; + die "port '$pon' must be bigger than port '$oldpon' \n" if $oldpon && ($pon < $oldpon); + $oldpon = $pon; }else{ die "invalid port $services->{byname}->{$pon}\n" if !$services->{byname}->{$pon}; } -- 1.7.10.4 _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
