On 03/08/2013 05:49 AM, Steven Jan Springl wrote:
> Rule:
>
> ACCEPT fw lan tcp 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 =
>
> Generates the following iptables rule:
>
> -A fw-lan -p 6 -m multiport --ports 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 -j
> ACCEPT
>
> Which produces the following error message:
>
> iptables-restore v1.4.18: too many ports specified
>

The attached patch causes long --ports lists to be split into multiple rules.

Thanks Steven,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 03efdb7..631cd0c 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1247,6 +1247,11 @@ sub add_rule($$;$) {
# Rule has a --sports specification
#
handle_port_list( $chainref, $rule, 0, $1, $2, $3 )
+ } elsif ( $rule =~ /^(.* --ports\s+)([^ ]+)(.*)$/ ) {
+ #
+ # Rule has a --ports specification
+ #
+ handle_port_list( $chainref, $rule, 0, $1, $2, $3 )
} elsif ( $rule =~ /^(.* --icmp(?:v6)?-type\s*)([^ ]+)(.*)$/ ) {
#
# ICMP rule -- split it up if necessary
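
Review bot: The pattern on the added `elsif` line, `/^(.* --ports\s+)([^ ]+)(.*)$/`, also matches an inverted list, because the leading `.*` in $1 absorbs a preceding `!`. Splitting `! --ports a,b,...` across several rules with a terminating target does not keep the original meaning: a port that sits only in the second chunk still satisfies the first rule's negated match. Please confirm that handle_port_list copes with an inverted list, or skip the split when $1 ends in `!`. The new comment ("Rule has a --ports specification") could also say why the branch exists, namely the iptables-restore "too many ports specified" error quoted in the report, so the reason for splitting is visible at the call site.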
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
