* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 818a2094757986540f3366c79f46e1409b2b4151
@ 2026-04-21 9:15 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-04-21 9:15 UTC (permalink / raw)
To: ipfire-scm
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 3053 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 818a2094757986540f3366c79f46e1409b2b4151 (commit)
via 60f540bfe8aa68f0367f57e41831410d288120a7 (commit)
from 5b3743a80347aa83f6773c2955428a90afe65978 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 818a2094757986540f3366c79f46e1409b2b4151
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 21 09:15:40 2026 +0000
core202: Ship rules.pl
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 60f540bfe8aa68f0367f57e41831410d288120a7
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Apr 20 12:44:36 2026 +0100
firewall: Fix multiple ports in comma-separated list
Fixes: #13959 - iptables error on boot with multiport
Reported-by: Dieter Schütze <dieter.schuetze@beo-doc.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/firewall/rules.pl | 26 ++++++++++++++++----------
config/rootfiles/core/202/filelists/files | 1 +
2 files changed, 17 insertions(+), 10 deletions(-)
Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index c414f172c..1cd0dd446 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -923,22 +923,28 @@ sub format_ports {
my $ports = shift;
my $type = shift;
- my $arg;
- if ($type eq "src") {
- $arg = "--sport";
- } elsif ($type eq "dst") {
- $arg = "--dport";
- }
-
my @options = ();
+ # Handle multiple ports
if ($ports =~ /\|/) {
$ports =~ s/\|/,/g;
+
+ # Enable multiport match
push(@options, ("-m", "multiport"));
- }
- if ($ports) {
- push(@options, ($arg, $ports));
+ if ($type eq "src") {
+ push(@options, "--source-ports", ${ports});
+ } elsif ($type eq "dst") {
+ push(@options, "--destination-ports", ${ports});
+ }
+
+ # Handle single ports
+ } else {
+ if ($type eq "src") {
+ push(@options, "--sport", ${ports});
+ } elsif ($type eq "dst") {
+ push(@options, "--dport", ${ports});
+ }
}
return @options;
diff --git a/config/rootfiles/core/202/filelists/files b/config/rootfiles/core/202/filelists/files
index 1c4795ebc..ebaef1717 100644
--- a/config/rootfiles/core/202/filelists/files
+++ b/config/rootfiles/core/202/filelists/files
@@ -8,6 +8,7 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/services.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/lib/firewall/rules.pl
var/ipfire/dns/dnsbl.json
var/ipfire/general-functions.pl
var/ipfire/network-functions.pl
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-04-21 9:15 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-21 9:15 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 818a2094757986540f3366c79f46e1409b2b4151 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox