From: Dominik Csapak <d.csapak@proxmox.com>
Date: Fri, 30 Nov 2018 15:31:41 +0000 (+0100)
Subject: fix #2004: do not allow backwards ranges
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=12be0dfe9fc44906a8650a355baa1b601e6a3c0d;ds=sidebyside

fix #2004: do not allow backwards ranges

ranges like 10:5 are allowed by us, but iptables throws an error
that is only visible in the syslog and the firewall rules do not
get updated

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 035dc7e..db1eae3 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1054,6 +1054,7 @@ sub parse_port_name_number_or_range {
 	    my ($port1, $port2) = ($1, $2);
 	    die "invalid port '$port1'\n" if $port1 > 65535;
 	    die "invalid port '$port2'\n" if $port2 > 65535;
+	    die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;
 	} elsif ($item =~ m/^([0-9]+)$/) {
 	    $count += 1;
 	    my $port = $1;