diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 7fa83dcea..e6bf77b29 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -2,6 +2,8 @@ Changes in 3.4.0 Final 1) Add missing logic for "!" rules. +2) Restore missing function merge_macro_source_dest. + Changes in 3.4.0 RC 3 1) Add warning about 'loose' and 'balance' diff --git a/Shorewall/compiler b/Shorewall/compiler index c422b9bb8..52c8af613 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -2068,6 +2068,27 @@ process_ratelimit() { fi } +# +# Combine a source/dest from the macro body with one from the macro invocation +# +merge_macro_source_dest() # $1 = source/dest from macro body, $2 = source/dest from invocation +{ + case $2 in + -) + echo ${1} + ;; + *.*.*|+*|~*|!~*) + # + # Value in the invocation is an address -- put it behind the value from the macro + # + echo ${1}:${2} + ;; + *) + echo ${2}:${1} + ;; + esac +} + # # Process a record from the rules file # diff --git a/Shorewall/lib.actions b/Shorewall/lib.actions index 797a125c7..3760bd590 100644 --- a/Shorewall/lib.actions +++ b/Shorewall/lib.actions @@ -540,8 +540,6 @@ merge_levels() # $1=level at which superior action is called, $2=level at which # c) A dependency graph is created. For each , the variable 'requiredby_' lists the # action[:level[:tag]] of each action invoked by . # d) All actions are listed in the global variable ACTIONS. -# e) Common actions are recorded (in variables of the name _common) and are added to the global -# USEDACTIONS # # As the rules file is scanned, each action[:level[:tag]] is merged onto the USEDACTIONS list. When an # is merged onto this list, its action chain is created. Where logging is specified, a chain with the name diff --git a/Shorewall/lib.nat b/Shorewall/lib.nat index 131fc4e1b..2b3d67b9c 100644 --- a/Shorewall/lib.nat +++ b/Shorewall/lib.nat @@ -506,7 +506,7 @@ setup_nat() { addnatrule nat_out -s $internal $policyout -j SNAT --to-source $external else addnatrule $(input_chain $iface) -d $external $policyin -j DNAT --to-destination $internal - addnatrule $(output_chain $iface) -s $internal $policyout -j SNAT --to-source $external + addnatrule $(output_chain $iface) -s $internal $policyout -j SNAT --to-source $external fi [ -n "$localnat" ] && \ diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 2660feeca..3d79fd9a0 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -34,6 +34,11 @@ Problems Corrected in 3.4.0 Final. exempt the rule from being suppressed by OPTIMIZE=1. That feature was not working. +2) If both a macro body and a macro invocation contained an entry in the + SOURCE or DEST column, then compilation failed with the error: + + merge_macro_source_dest: command not found + Migration Considerations: If you are migrating from a Shorewall version earlier than 3.2.0 then