From 791c2b45d873d02d3955ac846b69a3ee1e1f6f47 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 4 Oct 2014 13:52:15 +0200
Subject: [PATCH] firewall: fix rules.pl for old rules without ratelimiting.

---
 config/firewall/rules.pl | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 40fb8dd2ac..4d703825d1 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -131,6 +131,12 @@ sub print_rule {
 print "\n";
 }
 
+sub count_elements {
+ my $hash = shift;
+
+ return scalar @$hash;
+}
+
 sub flush {
 run("$IPTABLES -F $CHAIN_INPUT");
 run("$IPTABLES -F $CHAIN_FORWARD");
@@ -186,6 +192,9 @@ sub buildrules {
 # Skip disabled rules.
 next unless ($$hash{$key}[2] eq 'ON');
 
+ # Count number of elements in this line
+ my $elements = &count_elements($$hash{$key});
+
 if ($DEBUG) {
 print_rule($$hash{$key});
 }
@@ -270,7 +279,8 @@ sub buildrules {
 
 # Concurrent connection limit
 my @ratelimit_options = ();
- if ($$hash{$key}[32] eq 'ON') {
+
+ if (($elements gt 34) && ($$hash{$key}[32] eq 'ON')) {
 my $conn_limit = $$hash{$key}[33];
 
 if ($conn_limit ge 1) {
@@ -286,7 +296,7 @@ sub buildrules {
 }
 
 # Ratelimit
- if ($$hash{$key}[34] eq 'ON') {
+ if (($elements gt 37) && ($$hash{$key}[34] eq 'ON')) {
 my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
 
 if ($rate_limit) {
-- 
2.39.5
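Review bot: In the first hunk, `count_elements` names its parameter `$hash`, but the body dereferences it as an array (`@$hash`) and the caller passes one rule's field list, so the name misleads. Renaming it, e.g. `my $fields = shift;` with `return scalar @$fields;`, and adding a one-line comment that the sub returns the number of fields in a rule line, would make the length guards later in `buildrules` easier to audit.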
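Review bot: In the second hunk (`@@ -186,6 +192,9 @@`) the call `&count_elements($$hash{$key})` uses the `&` sigil form, which bypasses prototypes and is easy to misuse; since the sub declares no prototype, `my $elements = count_elements($$hash{$key});` does the same thing. The comment could also say why the count is needed, e.g. `# Older rule lines lack the limit fields (index 32 and up); remember the length so they are not read.` The body of `buildrules` starts and ends outside this hunk.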
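Review bot: In the third hunk (`@@ -270,7 +279,8 @@`) the new guard `$elements gt 34` compares the field count with the string operator `gt`, so the result is lexical rather than numeric: a count of 100 sorts below "34" and a count of 4 sorts above it. The ratelimit guard in the fourth hunk (`$elements gt 37`) has the same problem. A false guard appears to skip the connection-limit and rate-limit options without any message, so a miscompare would leave a rule without its limit; use numeric comparison, `if (($elements > 34) && ($$hash{$key}[32] eq 'ON')) {` and `if (($elements > 37) && ($$hash{$key}[34] eq 'ON')) {`. The context line `$conn_limit ge 1` has the same string-versus-number issue but is not touched by this commit.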
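Review bot: The ratelimit guard in the fourth hunk (`@@ -286,7 +296,7 @@`) requires more than 37 fields, yet the highest index read in the visible lines is 36 (`$$hash{$key}[36]`), which needs only 37 fields; the connection-limit guard in the third hunk likewise requires more than 34 while reading up to index 33. If a current-format rule line ends exactly at index 36, this guard is false and the rate limit is never applied, with no warning. Unless a higher index is read outside the hunk, the bounds should track the indices used, e.g. `$elements >= 37` here and `$elements >= 34` for the connection limit. A comment naming the expected field count for each rule format would make the thresholds checkable.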