From 9e2c67b23f8a017cfb25c5cb45317ebf5329380d Mon Sep 17 00:00:00 2001
From: zhaizenghui
Date: Thu, 19 Dec 2024 15:30:47 +0800
Subject: [PATCH 1/2] fix: miss concat args
---
 iptables/match.go | 31 +++++++++++++++----------------
 1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/iptables/match.go b/iptables/match.go
index 50b5f11..8aabc78 100644
--- a/iptables/match.go
+++ b/iptables/match.go
@@ -9531,23 +9531,22 @@ func (mTCP *MatchTCP) Short() string {
 func (mTCP *MatchTCP) ShortArgs() []string {
 args := make([]string, 0, 17)
 args = append(args, "-m", mTCP.matchType.String())
- if mTCP.SrcPortMin > -1 {
+ if mTCP.SrcPortMin > -1 && mTCP.SrcPortMax > -1 {
+ args = append(args, "--sport", strconv.Itoa(mTCP.SrcPortMin)+":"+strconv.Itoa(mTCP.SrcPortMax))
+ } else if mTCP.SrcPortMin > -1 {
 if mTCP.SrcPortInvert {
 args = append(args, "!")
 }
 args = append(args, "--sport", strconv.Itoa(mTCP.SrcPortMin))
- if mTCP.SrcPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mTCP.SrcPortMax))
- }
 }
- if mTCP.DstPortMin > -1 {
+
+ if mTCP.DstPortMin > -1 && mTCP.DstPortMax > -1 {
+ args = append(args, "--dport", strconv.Itoa(mTCP.DstPortMin)+":"+strconv.Itoa(mTCP.DstPortMax))
+ } else if mTCP.DstPortMin > -1 {
 if mTCP.DstPortInvert {
 args = append(args, "!")
 }
 args = append(args, "--dport", strconv.Itoa(mTCP.DstPortMin))
- if mTCP.DstPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mTCP.DstPortMax))
- }
 }
 if mTCP.FlagsMask != 0 && mTCP.FlagsSet != 0 {
 if mTCP.FlagsInvert {
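Review bot: The new range branch in ShortArgs never consults `SrcPortInvert` / `DstPortInvert`, so a negated range match (constructed example: `! --sport 1000:2000`) is emitted as `--sport 1000:2000` and the generated rule matches the opposite set of ports. The same omission is in the `--source-port` / `--destination-port` range branches of the LongArgs hunk that follows. For a firewall rule builder this silently turns an exclusion into an inclusion, so the range branch should keep the check the single-port branch has: `if mTCP.SrcPortInvert { args = append(args, "!") }` before the range append, and likewise for `DstPortInvert`. The UDP hunks in PATCH 2/2 already do this. ShortArgs continues past the end of this hunk.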
@@ -9571,24 +9570,24 @@ func (mTCP *MatchTCP) Long() string {
 func (mTCP *MatchTCP) LongArgs() []string {
 args := make([]string, 0, 17)
 args = append(args, "-m", mTCP.matchType.String())
- if mTCP.SrcPortMin > -1 {
+ if mTCP.SrcPortMin > -1 && mTCP.SrcPortMax > -1 {
+ args = append(args, "--source-port", strconv.Itoa(mTCP.SrcPortMin)+":"+strconv.Itoa(mTCP.SrcPortMax))
+ } else if mTCP.SrcPortMin > -1 {
 if mTCP.SrcPortInvert {
 args = append(args, "!")
 }
 args = append(args, "--source-port", strconv.Itoa(mTCP.SrcPortMin))
- if mTCP.SrcPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mTCP.SrcPortMax))
- }
 }
- if mTCP.DstPortMin > -1 {
+
+ if mTCP.DstPortMin > -1 && mTCP.DstPortMax > -1 {
+ args = append(args, "--destination-port", strconv.Itoa(mTCP.DstPortMin)+":"+strconv.Itoa(mTCP.DstPortMax))
+ } else if mTCP.DstPortMin > -1 {
 if mTCP.DstPortInvert {
 args = append(args, "!")
 }
 args = append(args, "--destination-port", strconv.Itoa(mTCP.DstPortMin))
- if mTCP.DstPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mTCP.DstPortMax))
- }
 }
+
 if mTCP.FlagsMask != 0 && mTCP.FlagsSet != 0 {
 if mTCP.FlagsInvert {
 args = append(args, "!")
From c34034f74375d3325b9863b19872d5ff58cf62eb Mon Sep 17 00:00:00 2001
From: zhaizenghui
Date: Thu, 19 Dec 2024 15:40:21 +0800
Subject: [PATCH 2/2] fix: udp match port range
---
 iptables/match.go | 42 ++++++++++++++++++++++++++----------------
 1 file changed, 26 insertions(+), 16 deletions(-)
diff --git a/iptables/match.go b/iptables/match.go
index 8aabc78..911c9d1 100644
--- a/iptables/match.go
+++ b/iptables/match.go
@@ -10314,23 +10314,28 @@ func (mUDP *MatchUDP) Short() string {
 func (mUDP *MatchUDP) ShortArgs() []string {
 args := make([]string, 0, 17)
 args = append(args, "-m", mUDP.matchType.String())
- if mUDP.SrcPortMin > -1 {
+ if mUDP.SrcPortMin > -1 && mUDP.SrcPortMax > -1 {
 if mUDP.SrcPortInvert {
 args = append(args, "!")
 }
- args = append(args, "--sport", strconv.Itoa(mUDP.SrcPortMin))
- if mUDP.SrcPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mUDP.SrcPortMax))
+ args = append(args, "--sport", strconv.Itoa(mUDP.SrcPortMin)+":"+strconv.Itoa(mUDP.SrcPortMax))
+ } else if mUDP.SrcPortMin > -1 {
+ if mUDP.SrcPortInvert {
+ args = append(args, "!")
 }
+ args = append(args, "--sport", strconv.Itoa(mUDP.SrcPortMin))
 }
- if mUDP.DstPortMin > -1 {
+
+ if mUDP.DstPortMin > -1 && mUDP.DstPortMax > -1 {
 if mUDP.DstPortInvert {
 args = append(args, "!")
 }
- args = append(args, "--dport", strconv.Itoa(mUDP.DstPortMin))
- if mUDP.DstPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mUDP.DstPortMax))
+ args = append(args, "--dport", strconv.Itoa(mUDP.DstPortMin)+":"+strconv.Itoa(mUDP.DstPortMax))
+ } else if mUDP.DstPortMin > -1 {
+ if mUDP.DstPortInvert {
+ args = append(args, "!")
 }
+ args = append(args, "--dport", strconv.Itoa(mUDP.DstPortMin))
 }
 return args
 }
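Review bot: The invert check and the option append are now written twice per direction in ShortArgs, and again in the LongArgs hunk that follows, although the two branches differ only in the port value. Duplicated branches like these are how the TCP variant in PATCH 1/2 ended up without the `!` in its range branch. Building the value first leaves one emission path: `port := strconv.Itoa(mUDP.SrcPortMin)`, then `if mUDP.SrcPortMax > -1 { port += ":" + strconv.Itoa(mUDP.SrcPortMax) }`, followed by the single invert check and `args = append(args, "--sport", port)`. Separately, both branches require `SrcPortMin > -1`, so a value with only `SrcPortMax` set emits no port match at all; if that is intended, a short comment saying so would help, since a dropped match widens the rule.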
@@ -10342,23 +10347,28 @@ func (mUDP *MatchUDP) Long() string {
 func (mUDP *MatchUDP) LongArgs() []string {
 args := make([]string, 0, 17)
 args = append(args, "-m", mUDP.matchType.String())
- if mUDP.SrcPortMin > -1 {
+ if mUDP.SrcPortMin > -1 && mUDP.SrcPortMax > -1 {
 if mUDP.SrcPortInvert {
 args = append(args, "!")
 }
- args = append(args, "--source-port", strconv.Itoa(mUDP.SrcPortMin))
- if mUDP.SrcPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mUDP.SrcPortMax))
+ args = append(args, "--source-port", strconv.Itoa(mUDP.SrcPortMin)+":"+strconv.Itoa(mUDP.SrcPortMax))
+ } else if mUDP.SrcPortMin > -1 {
+ if mUDP.SrcPortInvert {
+ args = append(args, "!")
 }
+ args = append(args, "--source-port", strconv.Itoa(mUDP.SrcPortMin))
 }
- if mUDP.DstPortMin > -1 {
+
+ if mUDP.DstPortMin > -1 && mUDP.DstPortMax > -1 {
 if mUDP.DstPortInvert {
 args = append(args, "!")
 }
- args = append(args, "--destination-port", strconv.Itoa(mUDP.DstPortMin))
- if mUDP.DstPortMax > -1 {
- args = append(args, ":"+strconv.Itoa(mUDP.DstPortMax))
+ args = append(args, "--destination-port", strconv.Itoa(mUDP.DstPortMin)+":"+strconv.Itoa(mUDP.DstPortMax))
+ } else if mUDP.DstPortMin > -1 {
+ if mUDP.DstPortInvert {
+ args = append(args, "!")
 }
+ args = append(args, "--destination-port", strconv.Itoa(mUDP.DstPortMin))
 }
 return args
 }