parse_port_name_number_or_range fix range check

for port range  a:b,

we need to check that b > a

this kind of range is invalid

80:22
80:ssh
http:ssh

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index da8b4a27d363c67a3f643f19000d3e70a725d142..f5ae88f392bd76fbb9e5c10374f6957509507a95 100644 (file)
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -389,6 +389,7 @@ sub get_etc_services {
 
        if ($line =~ m!^(\S+)\s+(\S+)/(tcp|udp).*$!) {
            $services->{byid}->{$2}->{name} = $1;
+           $services->{byid}->{$2}->{port} = $2;
            $services->{byid}->{$2}->{$3} = 1;
            $services->{byname}->{$1} = $services->{byid}->{$2};
        }
@@ -457,9 +458,13 @@ sub parse_port_name_number_or_range {
     my $nbports = 0;
     foreach my $item (split(/,/, $str)) {
        my $portlist = "";
+       my $oldpon = undef;
        foreach my $pon (split(':', $item, 2)) {
+           $pon = $services->{byname}->{$pon}->{port} if $services->{byname}->{$pon}->{port};
            if ($pon =~ m/^\d+$/){
                die "invalid port '$pon'\n" if $pon < 0 && $pon > 65535;
+               die "port '$pon' must be bigger than port '$oldpon' \n" if $oldpon && ($pon < $oldpon);
+               $oldpon = $pon;
            }else{
                die "invalid port $services->{byname}->{$pon}\n" if !$services->{byname}->{$pon};
            }