diff --git a/iptables/match.go b/iptables/match.go
index 50b5f11..911c9d1 100644
--- a/iptables/match.go
+++ b/iptables/match.go
@@ -9531,23 +9531,22 @@ func (mTCP *MatchTCP) Short() string {
 func (mTCP *MatchTCP) ShortArgs() []string {
 args := make([]string, 0, 17)
 args = append(args, "-m", mTCP.matchType.String())
- if mTCP.SrcPortMin > -1 {
+ if mTCP.SrcPortMin > -1 && mTCP.SrcPortMax > -1 {
+ args = append(args, "--sport", strconv.Itoa(mTCP.SrcPortMin)+":"+strconv.Itoa(mTCP.SrcPortMax))
+ } else if mTCP.SrcPortMin > -1 {
 if mTCP.SrcPortInvert {
 args = append(args, "!")
 }
 args = append(args, "--sport", strconv.Itoa(mTCP.SrcPortMin))
- if mTCP.SrcPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mTCP.SrcPortMax))
- }
 }
- if mTCP.DstPortMin > -1 {
+
+ if mTCP.DstPortMin > -1 && mTCP.DstPortMax > -1 {
+ args = append(args, "--dport", strconv.Itoa(mTCP.DstPortMin)+":"+strconv.Itoa(mTCP.DstPortMax))
+ } else if mTCP.DstPortMin > -1 {
 if mTCP.DstPortInvert {
 args = append(args, "!")
 }
 args = append(args, "--dport", strconv.Itoa(mTCP.DstPortMin))
- if mTCP.DstPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mTCP.DstPortMax))
- }
 }
 if mTCP.FlagsMask != 0 && mTCP.FlagsSet != 0 {
 if mTCP.FlagsInvert {
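Review bot: The new range branch for `--sport` (and the matching one for `--dport`) never consults `SrcPortInvert` / `DstPortInvert`, so a MatchTCP with both min and max set and invert true is rendered as a plain `--sport min:max` and the rule matches exactly the traffic it was meant to exclude. The removed code emitted `!` before the option in that case, and the MatchUDP hunks in this same commit keep the check in both branches, so this looks like an omission rather than intent. The MatchTCP LongArgs hunk has the same gap for `--source-port` and `--destination-port`. Emitting the `!` once and building the port spec afterwards, as below, keeps the single-port and range cases from diverging. ShortArgs continues past the end of this hunk.

```go
// … unchanged: args allocation and "-m" match type …
if mTCP.SrcPortMin > -1 {
	if mTCP.SrcPortInvert {
		args = append(args, "!")
	}
	sport := strconv.Itoa(mTCP.SrcPortMin)
	if mTCP.SrcPortMax > -1 {
		sport += ":" + strconv.Itoa(mTCP.SrcPortMax)
	}
	args = append(args, "--sport", sport)
}
// … same shape for DstPortMin/DstPortMax/DstPortInvert with "--dport" …
// … unchanged: TCP flags handling …
```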
@@ -9571,24 +9570,24 @@ func (mTCP *MatchTCP) Long() string {
 func (mTCP *MatchTCP) LongArgs() []string {
 args := make([]string, 0, 17)
 args = append(args, "-m", mTCP.matchType.String())
- if mTCP.SrcPortMin > -1 {
+ if mTCP.SrcPortMin > -1 && mTCP.SrcPortMax > -1 {
+ args = append(args, "--source-port", strconv.Itoa(mTCP.SrcPortMin)+":"+strconv.Itoa(mTCP.SrcPortMax))
+ } else if mTCP.SrcPortMin > -1 {
 if mTCP.SrcPortInvert {
 args = append(args, "!")
 }
 args = append(args, "--source-port", strconv.Itoa(mTCP.SrcPortMin))
- if mTCP.SrcPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mTCP.SrcPortMax))
- }
 }
- if mTCP.DstPortMin > -1 {
+
+ if mTCP.DstPortMin > -1 && mTCP.DstPortMax > -1 {
+ args = append(args, "--destination-port", strconv.Itoa(mTCP.DstPortMin)+":"+strconv.Itoa(mTCP.DstPortMax))
+ } else if mTCP.DstPortMin > -1 {
 if mTCP.DstPortInvert {
 args = append(args, "!")
 }
 args = append(args, "--destination-port", strconv.Itoa(mTCP.DstPortMin))
- if mTCP.DstPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mTCP.DstPortMax))
- }
 }
+
 if mTCP.FlagsMask != 0 && mTCP.FlagsSet != 0 {
 if mTCP.FlagsInvert {
 args = append(args, "!")
@@ -10315,23 +10314,28 @@ func (mUDP *MatchUDP) Short() string {
 func (mUDP *MatchUDP) ShortArgs() []string {
 args := make([]string, 0, 17)
 args = append(args, "-m", mUDP.matchType.String())
- if mUDP.SrcPortMin > -1 {
+ if mUDP.SrcPortMin > -1 && mUDP.SrcPortMax > -1 {
 if mUDP.SrcPortInvert {
 args = append(args, "!")
 }
- args = append(args, "--sport", strconv.Itoa(mUDP.SrcPortMin))
- if mUDP.SrcPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mUDP.SrcPortMax))
+ args = append(args, "--sport", strconv.Itoa(mUDP.SrcPortMin)+":"+strconv.Itoa(mUDP.SrcPortMax))
+ } else if mUDP.SrcPortMin > -1 {
+ if mUDP.SrcPortInvert {
+ args = append(args, "!")
 }
+ args = append(args, "--sport", strconv.Itoa(mUDP.SrcPortMin))
 }
- if mUDP.DstPortMin > -1 {
+
+ if mUDP.DstPortMin > -1 && mUDP.DstPortMax > -1 {
 if mUDP.DstPortInvert {
 args = append(args, "!")
 }
- args = append(args, "--dport", strconv.Itoa(mUDP.DstPortMin))
- if mUDP.DstPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mUDP.DstPortMax))
+ args = append(args, "--dport", strconv.Itoa(mUDP.DstPortMin)+":"+strconv.Itoa(mUDP.DstPortMax))
+ } else if mUDP.DstPortMin > -1 {
+ if mUDP.DstPortInvert {
+ args = append(args, "!")
 }
+ args = append(args, "--dport", strconv.Itoa(mUDP.DstPortMin))
 }
 return args
 }
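Review bot: Both branches for `--sport` and `--dport` still require `SrcPortMin > -1` / `DstPortMin > -1`, so a MatchUDP that carries only a max port produces no port argument at all and the rendered rule matches every port. Whether that state is reachable depends on setters outside this diff, but a rule generator that silently drops a constraint fails open. Either add a third branch that emits `":"+strconv.Itoa(mUDP.SrcPortMax)` (iptables reads a missing first port as 0), or state the contract on the method, e.g. `// A max port without a min port is ignored; callers must set the min port.` The same applies to MatchUDP.LongArgs and to both MatchTCP methods in this commit.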
@@ -10343,23 +10347,28 @@ func (mUDP *MatchUDP) Long() string {
 func (mUDP *MatchUDP) LongArgs() []string {
 args := make([]string, 0, 17)
 args = append(args, "-m", mUDP.matchType.String())
- if mUDP.SrcPortMin > -1 {
+ if mUDP.SrcPortMin > -1 && mUDP.SrcPortMax > -1 {
 if mUDP.SrcPortInvert {
 args = append(args, "!")
 }
- args = append(args, "--source-port", strconv.Itoa(mUDP.SrcPortMin))
- if mUDP.SrcPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mUDP.SrcPortMax))
+ args = append(args, "--source-port", strconv.Itoa(mUDP.SrcPortMin)+":"+strconv.Itoa(mUDP.SrcPortMax))
+ } else if mUDP.SrcPortMin > -1 {
+ if mUDP.SrcPortInvert {
+ args = append(args, "!")
 }
+ args = append(args, "--source-port", strconv.Itoa(mUDP.SrcPortMin))
 }
- if mUDP.DstPortMin > -1 {
+
+ if mUDP.DstPortMin > -1 && mUDP.DstPortMax > -1 {
 if mUDP.DstPortInvert {
 args = append(args, "!")
 }
- args = append(args, "--destination-port", strconv.Itoa(mUDP.DstPortMin))
- if mUDP.DstPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mUDP.DstPortMax))
+ args = append(args, "--destination-port", strconv.Itoa(mUDP.DstPortMin)+":"+strconv.Itoa(mUDP.DstPortMax))
+ } else if mUDP.DstPortMin > -1 {
+ if mUDP.DstPortInvert {
+ args = append(args, "!")
 }
+ args = append(args, "--destination-port", strconv.Itoa(mUDP.DstPortMin))
 }
 return args
 }