author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2013-08-15 10:13:06 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2013-08-15 10:13:06 +0300 |
commit | 0c599d7cccd9e9ae320583f5961bdf25a3f1af02 (patch) | |
tree | 635c4c62694f08f1283533c5704af9b6981eb494 | |
parent | 54e03d0f4f0085fccf0dbaff9a4ac173407c22d1 (diff) | |
split into multiple rules when multiport module's port limit is exceeded
fixes #2131
-rw-r--r-- | awall/model.lua | 38 |
1 files changed, 30 insertions, 8 deletions
diff --git a/awall/model.lua b/awall/model.lua index 090e50f..cc53445 100644 --- a/awall/model.lua +++ b/awall/model.lua @@ -272,16 +272,38 @@ function Rule:servoptfrags() local popt = ' --'..(self.reverse and 's' or 'd')..'port' for proto, plist in pairs(ports) do - local opts = '-p '..proto - local len = table.maxn(plist) + local propt = '-p '..proto - if len == 1 then - opts = opts..popt..' '..plist[1] - elseif len > 1 then - opts = opts..' -m multiport'..popt..'s '..table.concat(plist, ',') - end + if plist[1] then + local len = #plist + repeat + local opts + + if len == 1 then + opts = propt..popt..' '..plist[1] + len = 0 + + else + opts = propt..' -m multiport'..popt..'s ' + local pc = 0 + repeat + local sep = pc == 0 and '' or ',' + local port = plist[1] + + pc = pc + (string.find(port, ':') and 2 or 1) + if pc > 15 then break end + + opts = opts..sep..port + + table.remove(plist, 1) + len = len - 1 + until len == 0 + end + + table.insert(res, {opts=opts}) + until len == 0 - table.insert(res, {opts=opts}) + else table.insert(res, {opts=propt}) end end return res |
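Review bot: The literal `15` in `if pc > 15 then break end` and the weighting `string.find(port, ':') and 2 or 1` are unexplained, so a later reader cannot tell that they encode the multiport match's limit of 15 port slots, with a range occupying two. A comment above the inner `repeat`, such as `-- multiport accepts at most 15 port slots; a range (a:b) uses two`, would pin that down. The inner loop also consumes `plist` with `table.remove(plist, 1)`, which mutates the table held in `ports`; `ports` is built above this hunk in `Rule:servoptfrags()`, so confirm nothing reads those lists afterwards. One service can now expand into several fragments, so any per-rule state a caller attaches (rate limits, logging) would apply per fragment rather than per service. That is worth checking where the fragments are combined, which is outside this hunk.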