From 125b5e2b163a5c3bd1ac3ca5d99a5c04972748fb Mon Sep 17 00:00:00 2001
From: Viktor Liu <17948409+lixmal@users.noreply.github.com>
Date: Wed, 5 Feb 2025 18:55:42 +0100
Subject: [PATCH] [client] Fix acl empty port range detection (#3285)
---
 client/internal/acl/manager.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/client/internal/acl/manager.go b/client/internal/acl/manager.go
index 9ec0bb031..a015e0a49 100644
--- a/client/internal/acl/manager.go
+++ b/client/internal/acl/manager.go
@@ -268,7 +268,7 @@ func (d *DefaultManager) protoRuleToFirewallRule(
 }
 var port *firewall.Port
- if r.PortInfo != nil {
+ if !portInfoEmpty(r.PortInfo) {
 port = convertPortInfo(r.PortInfo)
 } else if r.Port != "" {
 // old version of management, single port
@@ -305,6 +305,22 @@ func (d *DefaultManager) protoRuleToFirewallRule(
 return ruleID, rules, nil
 }
+func portInfoEmpty(portInfo *mgmProto.PortInfo) bool {
+ if portInfo == nil {
+ return true
+ }
+
+ switch portInfo.GetPortSelection().(type) {
+ case *mgmProto.PortInfo_Port:
+ return portInfo.GetPort() == 0
+ case *mgmProto.PortInfo_Range_:
+ r := portInfo.GetRange()
+ return r == nil || r.Start == 0 || r.End == 0
+ default:
+ return true
+ }
+}
+
 func (d *DefaultManager) addInRules(
 ip net.IP,
 protocol firewall.Protocol,
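Review bot: In `portInfoEmpty`, a half-specified range (for example `Start` set and `End == 0`) is reported as empty, so at the call site in the first hunk the rule falls through to the legacy `r.Port` branch and, if that is also empty, `port` stays nil. If a nil port means "all ports" downstream (not visible in this diff), a malformed range on an accept rule would silently widen the ACL instead of being rejected. Consider treating only the all-zero case as empty, `return r == nil || (r.Start == 0 && r.End == 0)`, and having `protoRuleToFirewallRule` return an error for partial or inverted ranges (`Start > End`) so the rule fails closed. A doc comment such as `// portInfoEmpty reports whether portInfo carries no usable port or range, so the caller falls back to the legacy Port field.` would also record why zero counts as unset.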