From: Michael Tremer Date: Mon, 31 Mar 2014 11:16:26 +0000 (+0200) Subject: firewall: Fix perl coding error. X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=025741919a54ceb2ce96961e74f3afd1ad10706b;ds=sidebyside firewall: Fix perl coding error. Example: my @as = (1, 2, 3); foreach my $a (@as) { $a += 1; print "$a\n"; } $a will be a reference to the number in the array and not copied. Therefore $a += 1 will change the numbers in the array as well, so that after the loop the content of @as would be (2, 3, 4). To avoid that, the number needs to be copied into a new variable like: my $b = $a; and we are fine. This caused that the content of the @sources and @destinations array has been altered for the second run of the loop and incorrect (i.e. no) rules were created.
---
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index f25983ce5..a0bc32c96 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -254,17 +254,22 @@ sub buildrules {
 # Check if this protocol knows ports.
 my $protocol_has_ports = ($protocol ~~ @PROTOCOLS_WITH_PORTS);
- foreach my $source (@sources) {
- foreach my $destination (@destinations) {
- # Skip invalid rules.
- next if (!$source || !$destination || ($destination eq "none"));
+ foreach my $src (@sources) {
+ # Skip invalid source.
+ next unless ($src);
+
+ # Sanitize source.
+ my $source = $src;
+ if ($source ~~ @ANY_ADDRESSES) {
+ $source = "";
+ }
- # Sanitize source.
- if ($source ~~ @ANY_ADDRESSES) {
- $source = "";
- }
+ foreach my $dst (@destinations) {
+ # Skip invalid rules.
+ next if (!$dst || ($dst eq "none"));
 # Sanitize destination.
+ my $destination = $dst;
 if ($destination ~~ @ANY_ADDRESSES) {
 $destination = "";
 }
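Review bot: The two copies `my $source = $src;` and `my $destination = $dst;` carry no comment saying why they exist, so a later cleanup could fold them back into the loop variable and reintroduce the aliasing bug, which in this file means firewall rules silently not being generated. I would put `# Work on a copy: foreach aliases $src to the element of @sources, so changing it would alter the array for later passes.` above the first copy and the equivalent above the second. Separately, `next unless ($src);` and `next if (!$dst || ($dst eq "none"));` drop a source or destination without any trace; if the script has a logging helper (none is visible in this hunk), a one-line message there would make a missing rule detectable. The body of buildrules starts and continues outside the hunk.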