-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 12/18/2016 02:27 PM, Steven Jan Springl wrote:
> Tom
>
> In the attached config. rule
>
> DNSAmp:info lan fw udp 555,666 1111,2222
>
> Generates the following iptables rule:
>
> -A lan2fw -p 17 -m multiport --dports 555,666 -m multiport
> --sports 1111,2222 --dport 53 -m u32 --u32
> "0>>22&0x3C@8&0xffff=0x0100 && 0>>22&0x3C@12&0xffff0000=0x00010000"
> -j ~log0 -m comment --comment 0>>"@@@ /etc/shorewall205/rules:14
> @@@"
>
> Which produces the following iptables-restore error message:
>
> iptables-restore v1.4.21: multiport: option "--source-ports" cannot
> be used together with "--destination-ports".
>
> Note: The problem did not occur with the previous release of
> Shorewall. The problem does not occur with this release of
> Shorewall if OPTIMIZE is set to 0.
>
Thanks Steven,
I think that the attached patch resolves this issue.
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYV0g3AAoJEJbms/JCOk0Q02IP/jz0rDs0fxkcD1dQs09E6+AF
nIV4a2wAFQ/SO/uSCrmbfc07LYSKk9XUr1GNTaGjmcEDvxZv06FB87cwSgStVxH7
mIryLeW+dWyTOnLGLssJcOpJ5lOdSG2MUPmRl2+kJu/INxRP1aFOUkXzQDZif87Z
ShsneRSHc5RLccW9qzdRZ9B729DJaHTwK7rCZ5IiqrNz07FSfH06UwjaivYS4wuo
qgvLYBlv0enoD3fjmEmeLZRcq9HjaKvOiOxJrYGbU4an+lP6Vm4xY+on/ukDT0rg
aDXu+eUT++pmdlG26OxsTM+cUgLYbmEgy/QohgTsOikhvN0m2azpQA9IRF6aDOQs
vGyr5PxDdLqQ0g/+zB38cVK+ZenejWQDvwsf5hMwJS4nK2SDiYbhVftlyaC69MyY
1VvlC/zRe+ZR3Ygcip7SU2AvYuYowgFPOjYmWm3hTIau4hAks/zy4mj8AH8j5zPw
roY2DfW9Sto8UXlIrbh6cBjCNLfDC5neBb0IfsoXEeNLswr2qA2T9TYqs4ycP74a
UJQqMQTK+XtiSdThfT8U12IMm5gU2uf32EERfEBs+h0+NQA2wvIagcIv4xzrCbCM
QLF8LbzTnnmR0WzAUwIQPvQ0eL58Zp+BL4JbPkn519I66fKy0iTucwS1GAHIiDTD
tez2z/KVOW+e5UhCHbng
=TlTC
-----END PGP SIGNATURE-----
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 4c1d67a..c524f7e 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1195,9 +1195,13 @@ sub compatible( $$ ) {
}
}
#
- # Don't combine chains where each specifies '-m policy'
+ # Don't combine chains where each specifies
+ # '-m policy'
+ # ( --dport or --sport or -m multiport )
#
- return ! ( $ref1->{policy} && $ref2->{policy} );
+ return ! ( $ref1->{policy} && $ref2->{policy} ||
+ ( ( $ref1->{multiport} && ( $ref2->{dport} || $ref2->{sport} || $ref2->{multiport} ) ) ||
+ ( $ref2->{multiport} && ( $ref1->{dport} || $ref1->{sport} || $ref1->{multiport} ) ) ) );
}
#
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
