diff --git a/Changelog b/Changelog
index ccdaf25..e41356a 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Fix network_port() in corenetwork to correctly handle port ranges.
 - SE-Postgresql updates from KaiGai Kohei.
 - X object manager revisions from Eamon Walsh.
 - Added modules:
diff --git a/policy/modules/kernel/corenetwork.te.m4 b/policy/modules/kernel/corenetwork.te.m4
index 27b4bb6..6ceddc8 100644
--- a/policy/modules/kernel/corenetwork.te.m4
+++ b/policy/modules/kernel/corenetwork.te.m4
@@ -6,6 +6,16 @@
 define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')
 
 #
+# range_start(num)
+#
+# return the low port in a range.
+#
+# range_start(600) returns "600"
+# range_start(1200-1600) returns "1200"
+#
+define(`range_start',`ifelse(-1,index(`$1', `-'),$1,substr($1,0,index(`$1', `-')))')
+
+#
 # build_option(option_name,true,[false])
 #
 # makes an ifdef.  hacky quoting changes because with
@@ -68,10 +78,10 @@ declare_nodes($1_node_t,shift($*))
 ')
 
 define(`declare_ports',`dnl
-ifelse(eval($3 < 1024),1,`
+ifelse(eval(range_start($3) < 1024),1,`
 typeattribute $1 reserved_port_type;
 #bindresvport in glibc starts searching for reserved ports at 600
-ifelse(eval($3 >= 600),1,`typeattribute $1 rpc_port_type;',`dnl')
+ifelse(eval(range_start($3) >= 600),1,`typeattribute $1 rpc_port_type;',`dnl')
 ',`dnl')
 portcon $2 $3 gen_context(system_u:object_r:$1,$4)
 ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl