Allow both interface and address on source in rules file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@247 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/firewall

@@ -775,7 +775,7 @@ validate_rule() {
 	clientzone="$clients"
 	clients=
     else
-	clientzone="${clients%:*}"
+	clientzone="${clients%%:*}"
 	clients="${clients#*:}"
 	[ -z "$clientzone" -o -z "$clients" ] && \
 	   startup_error "Error: Empty source zone or qualifier: rule \"$rule\""
@@ -1631,7 +1631,11 @@ add_a_rule()
 	cli=`mac_match $client`
 	;;
     *)
+        if [ "$client" != "${client%:*}" ]; then
+	    cli="-i ${client%:*} -s ${client#*:}"
+	else
 	    cli="-i $client"
+	fi
 	;;
     esac
 
@@ -1816,7 +1820,7 @@ process_rule() {
 	clientzone="$clients"
 	clients=
     else
-	clientzone="${clients%:*}"
+	clientzone="${clients%%:*}"
 	clients="${clients#*:}"
 	[ -z "$clientzone" -o -z "$clients" ] && \
 	   fatal_error "Error: Empty source zone or qualifier: rule \"$rule\""

Shorewall/rules

@@ -56,9 +56,12 @@
 #                                               MAC address 00:A0:C9:15:39:78.
 #
 #			Alternatively, clients may be specified by interface
-#			by appending ":" followed by the interface name. For
+#			by appending ":" to the zone name followed by the
-#			example, loc:eth1 specifies a client that
+#			interface name. For example, loc:eth1 specifies a
-#			communicates with the firewall system through eth1.
+#			client that communicates with the firewall system
+#			through eth1. This may be optionally followed by
+#			another colon (":") and an IP/MAC/subnet address
+#			as described above (e.g., loc:eth1:192.168.1.5).
 #
 #	DEST		Location of Server. May be a zone defined in
 #			/etc/shorewall/zones or $FW to indicate the firewall