firewall: Fix multiple ports in comma-separated list

Fixes: #13959 - iptables error on boot with multiport
Reported-by: Dieter Schütze <dieter.schuetze@beo-doc.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index c414f172ce8fdbe58f5b2aa7fd446e11024c1d43..1cd0dd446ddb97935c62f14f4baac0f1df42f0a1 100644 (file)
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -923,22 +923,28 @@ sub format_ports {
        my $ports = shift;
        my $type = shift;
 
-       my $arg;
-       if ($type eq "src") {
-               $arg = "--sport";
-       } elsif ($type eq "dst") {
-               $arg = "--dport";
-       }
-
        my @options = ();
 
+       # Handle multiple ports
        if ($ports =~ /\|/) {
                $ports =~ s/\|/,/g;
+
+               # Enable multiport match
                push(@options, ("-m", "multiport"));
-       }
 
-       if ($ports) {
-               push(@options, ($arg, $ports));
+               if ($type eq "src") {
+                       push(@options, "--source-ports", ${ports});
+               } elsif ($type eq "dst") {
+                       push(@options, "--destination-ports", ${ports});
+               }
+
+       # Handle single ports
+       } else {
+               if ($type eq "src") {
+                       push(@options, "--sport", ${ports});
+               } elsif ($type eq "dst") {
+                       push(@options, "--dport", ${ports});
+               }
        }
 
        return @options;