firewall: Fix off-by-one error in configuration parser

The configuration parser determines how many comma-separated
values there are in a line. If new values are added we need
to check first if those are set in every line to avoid any
undefined behaviour. A wrong comparison parameter was used
which caused that the limit feature was never enabled in
the rule generation.

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 75a9357f64bc6047a47f81ad56f9c9e46301489f..a475e2d60ea7cb880746471ea8623e10cb64ffbd 100755 (executable)
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -280,7 +280,7 @@ sub buildrules {
                # Concurrent connection limit
                my @ratelimit_options = ();
 
-               if (($elements gt 34) && ($$hash{$key}[32] eq 'ON')) {
+               if (($elements ge 34) && ($$hash{$key}[32] eq 'ON')) {
                        my $conn_limit = $$hash{$key}[33];
 
                        if ($conn_limit ge 1) {
@@ -296,13 +296,13 @@ sub buildrules {
                }
 
                # Ratelimit
-               if (($elements gt 37) && ($$hash{$key}[34] eq 'ON')) {
+               if (($elements ge 37) && ($$hash{$key}[34] eq 'ON')) {
                        my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
 
-                               if ($rate_limit) {
-                                       push(@ratelimit_options, ("-m", "limit"));
-                                       push(@ratelimit_options, ("--limit", $rate_limit));
-                               }
+                       if ($rate_limit) {
+                               push(@ratelimit_options, ("-m", "limit"));
+                               push(@ratelimit_options, ("--limit", $rate_limit));
+                       }
                }
 
                # Check which protocols are used in this rule and so that we can