From 167cf45cea2310028db84afd2f2c3798c1b3d90a Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 18 Sep 2002 23:38:09 +0000
Subject: [PATCH] Allow both interface and address on source in rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@247 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 10 +++++++---
 Shorewall/rules | 9 ++++++---
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/Shorewall/firewall b/Shorewall/firewall
index e77d57d7c..0d333535c 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -775,7 +775,7 @@ validate_rule() {
 clientzone="$clients"
 clients=
 else
- clientzone="${clients%:*}"
+ clientzone="${clients%%:*}"
 clients="${clients#*:}"
 [ -z "$clientzone" -o -z "$clients" ] && \
 startup_error "Error: Empty source zone or qualifier: rule \"$rule\""
@@ -1631,7 +1631,11 @@ add_a_rule()
 cli=`mac_match $client`
 ;;
 *)
- cli="-i $client"
+ if [ "$client" != "${client%:*}" ]; then
+ cli="-i ${client%:*} -s ${client#*:}"
+ else
+ cli="-i $client"
+ fi
 ;;
 esac
@@ -1816,7 +1820,7 @@ process_rule() {
 clientzone="$clients"
 clients=
 else
- clientzone="${clients%:*}"
+ clientzone="${clients%%:*}"
 clients="${clients#*:}"
 [ -z "$clientzone" -o -z "$clients" ] && \
 fatal_error "Error: Empty source zone or qualifier: rule \"$rule\""
diff --git a/Shorewall/rules b/Shorewall/rules
index 8e686d040..00a3e3c51 100755
--- a/Shorewall/rules
+++ b/Shorewall/rules
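Review bot: In the add_a_rule hunk the new `*)` branch splits `$client` with `${client%:*}` (cut at the last colon) and `${client#*:}` (cut at the first), which is the same mismatch this commit fixes with `%%:*` in validate_rule and process_rule. If the address half ever contains a colon, the interface and source values overlap, so the line should read `cli="-i ${client%%:*} -s ${client#*:}"`, with the test on the line above changed to match. The address half is also always emitted as `-s`, although the rules file text in this commit allows a MAC address after the interface and the branch above routes MAC clients through `mac_match`. The patterns that select those branches are outside the hunk, so this needs confirming, but an interface-plus-MAC source looks like it would produce an invalid `-s` argument. Neither half is checked for emptiness here, so a source such as `eth1:` yields `-s` with no value. Rejecting an empty interface or address before building `cli` would keep a malformed entry from turning into a malformed or unintended match in the generated rule.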
@@ -56,9 +56,12 @@
 # MAC address 00:A0:C9:15:39:78.
 #
 # Alternatively, clients may be specified by interface
-# by appending ":" followed by the interface name. For
-# example, loc:eth1 specifies a client that
-# communicates with the firewall system through eth1.
+# by appending ":" to the zone name followed by the
+# interface name. For example, loc:eth1 specifies a
+# client that communicates with the firewall system
+# through eth1. This may be optionally followed by
+# another colon (":") and an IP/MAC/subnet address
+# as described above (e.g., loc:eth1:192.168.1.5).
 #
 # DEST Location of Server. May be a zone defined in
 # /etc/shorewall/zones or $FW to indicate the firewall