[Shorewall-devel] [PATCH] Shorewall 4.5.14 Beta 3

[Tom Eastep]

The attached patch makes changes in DNAT similar to those that were made
in SNAT in response to Steven's testing.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index c4460b0..ca2c8e9 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -690,10 +690,16 @@ sub handle_nat_rule( $$$$$$$$$$$$ ) {
 		validate_range( $1, $2 );
 	    } else {
 		my ( $addr1, $addr2 ) = ( $1, $2 );
-		$addr1 = $1 if $addr1 =~ /^\[(.+)\]$/;
-		$addr2 = $1 if $addr2 =~ /^\[(.+)\]$/;
+
+		if ( $server =~ /^\[(.+)\]$/ ) {
+		    $server = $1;
+		    fatal_error "Correct address range syntax is '[<addr1>-<addr2>]'" if $server =~ /]-\[/;
+		    assert( $server =~ /^(.+)-(.+)$/ );
+		    ( $addr1, $addr2 ) = ( $1, $2 );
+		}
+
 		validate_range( $addr1, $addr2 );
-		$server = join '-', $addr1, $addr2
+		$server = join( '-', $addr1, $addr2 );
 	    }
 	} else {
 	    unless ( $server eq ALLIP ) {
@@ -713,7 +719,6 @@ sub handle_nat_rule( $$$$$$$$$$$$ ) {
 		    }
 		} else {
 		    for my $serv ( split /,/, $server ) {
-			$serv =~ s/-/]-[/; #In case this is a range.
 			$target .= " --to-destination [${serv}]${serverport}";
 		    }
 		}

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel