- if ($rule->{dport}) {
- if ($rule->{proto} && $rule->{proto} eq 'icmp') {
- # Note: we use dport to store --icmp-type
- die "unknown icmp-type '$rule->{dport}'\n" if !defined($icmp_type_names->{$rule->{dport}});
- $cmd .= " -m icmp --icmp-type $rule->{dport}";
- } else {
- if ($rule->{nbdport} && $rule->{nbdport} > 1) {
- if ($multiport == 2) {
- $cmd .= " --ports $rule->{dport}";
+ die "multiport: option '--sports' cannot be used together with '--dports'\n"
+ if ($multiport == 2) && ($rule->{dport} ne $rule->{sport});
+
+ if ($rule->{dport}) {
+ if ($rule->{proto} && $rule->{proto} eq 'icmp') {
+ # Note: we use dport to store --icmp-type
+ die "unknown icmp-type '$rule->{dport}'\n" if !defined($icmp_type_names->{$rule->{dport}});
+ $cmd .= " -m icmp --icmp-type $rule->{dport}";
+ } else {
+ if ($rule->{nbdport} && $rule->{nbdport} > 1) {
+ if ($multiport == 2) {
+ $cmd .= " --ports $rule->{dport}";
+ } else {
+ $cmd .= " --dports $rule->{dport}";
+ }