Keep the count for internal checking only and just return whether the multiport matcher is required.
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
Changes: don't $count, we already have an array...
 src/PVE/Firewall.pm | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 54ad48a..4878233 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1063,7 +1063,7 @@ sub parse_port_name_number_or_range {
 die "too many entries in port list (> 15 numbers)\n" if $count > 15;
- return $count;
+ return (scalar(@elements) > 1);
 }
 PVE::JSONSchema::register_format('pve-fw-sport-spec', \&pve_fw_verify_sport_spec);
@@ -1885,14 +1885,14 @@ sub ipt_rule_to_cmds {
 if (my $proto = $rule->{proto}) {
 push @match, "-p $proto";
- my $nbdport = defined($rule->{dport}) ? parse_port_name_number_or_range($rule->{dport}, 1) : 0;
- my $nbsport = defined($rule->{sport}) ? parse_port_name_number_or_range($rule->{sport}, 0) : 0;
+ my $multidport = defined($rule->{dport}) && parse_port_name_number_or_range($rule->{dport}, 1);
+ my $multisport = defined($rule->{sport}) && parse_port_name_number_or_range($rule->{sport}, 0);
 # 0 = no multiport
 # 1 = multiport with different src and dst port ranges
 # 2 = multiport with identical port ranges
- my $multiport = ($nbdport > 1) || ($nbsport > 1);
- $multiport++ if $multiport && ($rule->{dport} eq $rule->{sport});
+ my $multiport = ($multidport || $multisport) ? 1 : 0;
+ $multiport++ if $multidport && $multisport && $rule->{dport} eq $rule->{sport};
 if ($rule->{dport}) {
 if ($proto eq 'icmp') {
--
2.11.0
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
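Review bot: The return value of parse_port_name_number_or_range changes from a count to a boolean in the first hunk, but nothing at the function states the new contract. A caller outside this diff that still compares the result with `> 1` would never select multiport, because a true value here is 1; only ipt_rule_to_cmds is visibly updated, so the remaining call sites are worth checking. I would add a comment above the return such as `# true if the list has more than one entry, i.e. the multiport match is required`. The function body starts outside the hunk.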
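Review bot: The new `$multidport`/`$multisport` lines in the second hunk gate on `defined(...)`, while the context line just below gates on the truthiness of `$rule->{dport}`, so a value that is defined but false (for example `0`) is handed to the parser and then produces no port match at all. Whether the parser rejects such a value is not visible in this hunk; if it does not, the generated rule would apply to every port. Using the same test in both places, e.g. `if (defined($rule->{dport}) && $rule->{dport} ne '')`, would remove the ambiguity. Separately, the `eq` on the `$multiport++` line is a textual comparison, so equivalent lists written differently land in mode 1; a short comment saying so would help. The body of ipt_rule_to_cmds continues outside the hunk.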