Re: [Shorewall-devel] Shorewall 5.0.14 RC 3

[Tom Eastep]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 11/01/2016 09:32 AM, Steven Jan Springl wrote:

> Snat entry:
> 
> SNAT(10.1.1.1:80:xxxx)        10.11.11.0/24   eth0    tcp
> 
> Generates the iptables-restore rule:
> 
> -A SHOREWALL -o eth0 -p 6 -s 10.11.11.0/24 -j SNAT --to-source 
> 10.1.1.1:80:xxxx -m comment --comment "masq."
> 
> Which produces the following error:
> 
> iptables-restore v1.4.21: Invalid port:port syntax - use dash
> 

Steven,

The attached patch catches this error on both the masq and snat files.

Thanks!
- -Tom
- -- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJYGN1RAAoJEJbms/JCOk0Qn8AP/A1B3u0MFHLrlVivC4ziJFEz
JAli1CE7HpQoIlnQEA8kJfljjNgZ2WvFS+lJo1QX4ShTOdeyOA6mgJ52yLAvztUb
XwGnes8RvscWzY7yDGXnO2X/YwaP8TojecZoWL9CmGj1ieRQufAnr2UsfaoMgUNf
WNKsrsU39n7S7VM+W6KDXSRBZP4HrLw0g5tHqg/G8zWzQfknyIANgcsXQ5LNsAss
dc7MuigMIElAtWkJmYah8P/Csb1QwcivVTq9eWJLXIC9PA8tA8cmBY7e3nc8rsjM
2FuULi6OLaBITVWb32tq8tGWaZmNmA7FtrKph5lIBrTZ7L5noM4I2PPM/Wkl0Zhr
MhIwScZoD7q6KlMOblZFxVxVaht0pwrPGcX97sabngVFHvlhgcjZ+ivZVk6qZNRi
HRBRNJS8ctqcOFCbKd8XrpAfJJBOT5TtNAM3VGa9sShjVAo4ns143vXrnf4A6gty
v3Z4xWZqrpTj58mkhNys/Y8dBej5qELgc7qbdaG8bkP45R9NAt5ZosONqw+K3L3A
XjkfXEe7mhIkZlC2PXbooe6q/LKba5iptFAc7Ky3hep8zviwy3Rceje3e/mF28Tu
Sj6evqLp1MpSlGsIqdsPDQJq0jMRMWT7xm3gD/bZrkUks64Y2T+vi2wTyREBk03e
EVhs3LQyhZirFJM5E9Ei
=+1X6
-----END PGP SIGNATURE-----

diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index 9f45695..9dfb77e 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -280,7 +280,7 @@ sub process_one_masq1( $$$$$$$$$$$$ )
 			} elsif ( $family == F_IPV4 ) {
 			    if ( $addr =~ /^.*\..*\..*\./ ) {
 				$target = 'SNAT ';
-				my ($ipaddr, $rest) = split ':', $addr;
+				my ($ipaddr, $rest) = split ':', $addr, 2;
 				if ( $ipaddr =~ /^(.+)-(.+)$/ ) {
 				    validate_range( $1, $2 );
 				} else {
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 34afae4..6d43be5 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -5553,7 +5553,7 @@ sub process_snat1( $$$$$$$$$$$$ ) {
 			}
 		    } elsif ( $family == F_IPV4 ) {
 			if ( $addr =~ /^.*\..*\..*\./ ) {
-			    my ($ipaddr, $rest) = split ':', $addr;
+			    my ($ipaddr, $rest) = split ':', $addr, 2;
 			    if ( $ipaddr =~ /^(.+)-(.+)$/ ) {
 				validate_range( $1, $2 );
 			    } else {

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel