Re: [Shorewall-devel] Shorewall 5.0.14 RC 3

Wed, 02 Nov 2016 14:37:06 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 11/02/2016 02:12 PM, Steven Jan Springl wrote:

> The snat rule in the attached config. generates the following
> iptables rule:
> 
> -A ~excl0 -j MASQUERADE --to-ports 101-201
> 
> Which produces the following error message:
> 
> iptables-restore v1.4.21: Need TCP, UDP, SCTP or DCCP with port 
> specification
> 

Steven,

The attached patch seems to correct the problem.

Thanks,
- -Tom
- -- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJYGlxXAAoJEJbms/JCOk0QkxAQALCITon1cAlZuY9FmBo1Yp7H
IeWZY5O4Rh5OKleXhwIywA+Odo/tOg8PulklCBUcedmWUVotJQmXe16tfXqdhawz
AFjs6IULdr1VhzIm0ziZ0RQ9RxM2Vj3WkedavaptcLVoCuT30Q/40FHVjdGS5FCz
uKWEqG0Nvx1TQOclnRrL2CB11Xy1sxYgrRmvnw+XkIpd2D04ZnG5bm859w+efgb5
66d8KhM1ZjYAN8/EbEPZzJyevgEY65KOY8kxT5KoyrIcsa7UKwB5nkiY2K1acViF
50o5+ybnLKb/HFCOdElrJsFrtQLCjH9AnCqGNDObNm4oB7dI5y4Td5R4JMpUiFcJ
YvAzJzS1JPI1pTNwlA7A8SqpmmoQSOAJPGskpQMIXSs19jGk69BZf8v5xwfBxCET
4NZH7kOgZjC2Nea6T/1qmFubDxBfOxmz9MM9VakZRrlvPy3/qCShwIA+QMnbZfJg
JnMm+/KqChbUk/aSVbzvsHfQgtG/IBmhN3/BQ6NIG871C5ihULH654OSmh/TnnrB
Qtjb4dSb+IxYWze/L1ft2TSXcOte784BKv8jU8bmVGHdAWDZt23dJHjLwK1fBIm3
6kHeB8+62lncxU5fEBBRcedcYg5Fw9D6ta74ZFbJXwq9fQ3fdIxZ/7W5sD2AORiW
WpdzvG03gHXG12618NCW
=0nv1
-----END PGP SIGNATURE-----

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index be91e1d..b02836b 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -5624,6 +5624,7 @@ sub process_snat1( $$$$$$$$$$$$ ) {
 	    if ( supplied $addresses ) {
 		validate_portpair1($proto, $addresses );
 		$target .= " --to-ports $addresses";
+		$exceptionrule = do_proto( $proto, '', '' );
 	    }
 	}
 	#

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to