From 109affced30002ee712faca439353266acd2467d Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Tue, 1 Aug 2006 18:40:16 +0000
Subject: [PATCH] Restore physdev capability test

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4287 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/compiler  | 6 ++----
 Shorewall/functions | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/Shorewall/compiler b/Shorewall/compiler
index a6ff19410..d57f4eff8 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -2213,13 +2213,11 @@ setup_ipsec() {
 
     do_options() # $1 = _in, _out or "" - $2 = option list
     {
-	local option opts newoptions= val
+	local option newoptions= val
 
 	[ x${2} = x- ] && return
 
-	opts=$(separate_list $2)
-
-	for option in $opts; do
+	for option in $(separate_list $2); do
 	    val=${option#*=}
 
 	    case $option in
diff --git a/Shorewall/functions b/Shorewall/functions
index bf4d134a0..3c9544fa7 100644
--- a/Shorewall/functions
+++ b/Shorewall/functions
@@ -1219,7 +1219,7 @@ determine_capabilities() {
     qt $IPTABLES -A fooX1234 -p tcp -m multiport --dports 21:22 -j ACCEPT               && XMULTIPORT=Yes
     qt $IPTABLES -A fooX1234 -m policy --pol ipsec --mode tunnel --dir in -j ACCEPT     && POLICY_MATCH=Yes
 
-    if qt $IPTABLES -A fooX1234 -m physdev --physdev-out eth0 -j ACCEPT; then
+    if qt $IPTABLES -A fooX1234 -m physdev --physdev-in eth0 -j ACCEPT; then
 	PHYSDEV_MATCH=Yes
 	qt $IPTABLES -A fooX1234 -m physdev --physdev-in eth1 -m physdev --physdev-out eth1 -j ACCEPT && KLUDGEFREE=Yes
     fi