Disallow wildcard optional/required interfaces

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Zones.pm

@@ -937,6 +937,8 @@ sub process_interface( $$ ) {
 	    $hostoptions{routeback} = $options{routeback} = 1;
 	}
 
+	fatal_error "Optional and Required interfaces may not have wildcard names" if ( $wildcard || $physical =~ /\+/ ) && ( $options{optional} || $options{required} );
+
 	$hostoptions{routeback} = $options{routeback} = is_a_bridge( $physical ) unless $export || $options{routeback};
 
 	$hostoptionsref = \%hostoptions;

Shorewall/changelog.txt

@@ -14,6 +14,8 @@ Changes in Shorewall 4.4.10
 
 7)  Rename PREFIX to DESTDIR in install scripts
 
+8)  Optional/required interfaces with wildcard names disallowed.
+
 Changes in Shorewall 4.4.9
 
 1)  Auto-detection of bridges.

Shorewall/releasenotes.txt

@@ -243,6 +243,26 @@ I I I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
         `sys2sys':/usr/local/libexec/xtables/libipt_sys2sys.so:
 	cannot open shared object file: No such file or directory
 
+4)  Previously, if the 'optional' option was given to an interface with
+    a wildcard physical name, specific instances of the interface were
+    never considered usable.
+
+    Example:
+
+    /etc/shorewall/interfaces:
+
+    #ZONE	INTERFACE	BROADCAST	OPTIONS
+    net		ppp+		-		optional
+
+    /etc/shorewall/providers:
+
+    #PROVIDER	NUMBER	MARK	DUPLICATE	INTERFACE	...
+    XYZTEL	1	-	main		ppp0
+
+    The XYZTEL provider was never usable.
+
+    This configuration now generates a compile-time error.
+
 ----------------------------------------------------------------------------
            I V.  K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------