sub parse_address_list {
my ($str) = @_;
+ my $nbaor = 0;
foreach my $aor (split(/,/, $str)) {
if (!Net::IP->new($aor)) {
my $err = Net::IP::Error();
die "invalid IP address: $err\n";
+ }else{
+ $nbaor++;
}
}
+ return $nbaor;
}
sub parse_port_name_number_or_range {
my $cmd = "-A $chain";
+ $cmd .= " -m iprange --src-range" if $rule->{nbsource} && $rule->{nbsource} > 1;
$cmd .= " -s $rule->{source}" if $rule->{source};
+ $cmd .= " -m iprange --dst-range" if $rule->{nbdest} && $rule->{nbdest} > 1;
$cmd .= " -d $rule->{dest}" if $rule->{destination};
$cmd .= " -p $rule->{proto}" if $rule->{proto};
$cmd .= " --match multiport" if $rule->{nbdport} && $rule->{nbdport} > 1;
$sport = undef if $sport && $sport eq '-';
my $nbdport = undef;
my $nbsport = undef;
+ my $nbsource = undef;
+ my $nbdest = undef;
eval {
- parse_address_list($source) if $source;
- parse_address_list($dest) if $dest;
+ $nbsource = parse_address_list($source) if $source;
+ $nbdest = parse_address_list($dest) if $dest;
$nbdport = parse_port_name_number_or_range($dport) if $dport;
$nbsport = parse_port_name_number_or_range($sport) if $sport;
};
iface => $iface,
source => $source,
dest => $dest,
+ nbsource => $nbsource,
+ nbdest => $nbdest,
proto => $proto,
dport => $dport,
sport => $sport,
projects / pve-firewall.git / commitdiff