WYAE - FWTOOLS Mailing List Archive
bug fix - Services with a single source port

From: Don Wood
Date: Fri, 15 Oct 2004 11:35:15 -0500

Using fw1rules-7.3.40, if a service object allows only a single source
port instead of a port range, the source port is ignored. The
following patch will populate both the low and high source ports with
the value of the single port, effectively creating a range of 1 port.
-------------------------------
$ diff fw1rules.bak fw1rules.pl
743a744,746
> } elsif ( $line =~ /^\t\t\t:src_port \(/ ){
> $svc_src_low{$name} = $lineparam;
> $svc_src_high{$name} = $lineparam;
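Review bot: The new `:src_port` branch added at 744-746 carries no comment, while the neighbouring `:port` branch in the script is labelled "TCP/UDP destination port". A short comment on the `elsif` line saying that a single source port is stored as a one-port range (low equals high) would make the intent clear to the next reader. The diff is also in context-free normal format, so it only lines up at line 743 of this exact fw1rules-7.3.40 copy; a unified diff (`diff -u`) would be easier to apply and review against other copies.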
-------------------------------
Here is the patch in some context.
-------------------------------
} elsif ( $line =~ /^\t\t\t:port \(/ ){ #
TCP/UDP destination port
$lineparam =~ tr/-/:/;
$svc_dst_port{$name} = $lineparam;
} elsif ( $line =~ /^\t\t\t:src_port \(/ ){ # PATCH
$svc_src_low{$name} = $lineparam; # PATCH
$svc_src_high{$name} = $lineparam; # PATCH
} elsif ( $line =~ /^\t\t\t:src_port_from \(/ ){
$svc_src_low{$name} = $lineparam;
} elsif ( $line =~ /^\t\t\t:src_port_to \(/ ){
$svc_src_high{$name} = $lineparam;
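Review bot: In the `:src_port` branch, `$lineparam` is copied unchanged into both `$svc_src_low{$name}` and `$svc_src_high{$name}`, whereas the `:port` branch just above first runs `$lineparam =~ tr/-/:/;`, which suggests a port value can arrive as a hyphenated range. If `:src_port` can carry such a value, both bounds would end up holding the whole "a-b" string; consider splitting on the hyphen into low and high, or checking that the value is purely numeric before assigning it. It is also worth deciding what should happen when one object has both `:src_port` and `:src_port_from`/`:src_port_to`, since whichever line is read later overwrites the earlier values.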
-------------------------------
An alternate fix would be to only populate the low value with the single port.