firewall: fix rules.pl for old rules without ratelimiting.

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 40fb8dd2ac821f360b3f77c57624e09ce2893773..4d703825d170b588fecb61043e424d57904de2ce 100755 (executable)
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -131,6 +131,12 @@ sub print_rule {
        print "\n";
 }
 
+sub count_elements {
+       my $hash = shift;
+
+       return scalar @$hash;
+}
+
 sub flush {
        run("$IPTABLES -F $CHAIN_INPUT");
        run("$IPTABLES -F $CHAIN_FORWARD");
@@ -186,6 +192,9 @@ sub buildrules {
                # Skip disabled rules.
                next unless ($$hash{$key}[2] eq 'ON');
 
+               # Count number of elements in this line
+               my $elements = &count_elements($$hash{$key});
+
                if ($DEBUG) {
                        print_rule($$hash{$key});
                }
@@ -270,7 +279,8 @@ sub buildrules {
 
                # Concurrent connection limit
                my @ratelimit_options = ();
-               if ($$hash{$key}[32] eq 'ON') {
+
+               if (($elements gt 34) && ($$hash{$key}[32] eq 'ON')) {
                        my $conn_limit = $$hash{$key}[33];
 
                        if ($conn_limit ge 1) {
@@ -286,7 +296,7 @@ sub buildrules {
                }
 
                # Ratelimit
-               if ($$hash{$key}[34] eq 'ON') {
+               if (($elements gt 37) && ($$hash{$key}[34] eq 'ON')) {
                        my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
 
                                if ($rate_limit) {