Fix brain-dead ipsec option handling in setup_masq()

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1873 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -200,3 +200,5 @@ Changes since 2.0.3
 97) Fix <if>:: handling in setup_masq().
 
 98) Fix mis-leading typo in tunnels.
+
+99) Fix brain-dead ipsec option handling in setup_masq().

Shorewall2/firewall

@@ -4879,10 +4879,9 @@ get_routed_networks() # $1 = interface name
 setup_masq()
 {
     do_ipsec_options() {
-	local options=$(separate_list $ipsec) option 
+	local options="$(separate_list $ipsec)" option 
-	policy ="-m policy --pol ipsec --dir out"
+	policy="-m policy --pol ipsec --dir out"
 
-	options=$(separate_list $options)
 	for option in $options; do
 	    case $option in
 		strict)         policy="$policy --strict" ;;
@@ -4921,7 +4920,11 @@ setup_masq()
 		policy="-m policy --pol none --dir out"
 		;;
 	    *)
-		[ -n "$ipsec" ] && do_ipsec_options || [ -n "$POLICY_MATCH" ] && policy="-m policy --pol none --dir out"
+		if [ -n "$ipsec" ]; then
+		    do_ipsec_options
+		elif [ -n "$POLICY_MATCH" ]; then
+		    policy="-m policy --pol none --dir out"
+		fi
 		;;
 	esac
 

Shorewall2/releasenotes.txt

@@ -1,4 +1,4 @@
-Shorewall 2.2.0-RC3
+Shorewall 2.2.0-RC4
 
 ----------------------------------------------------------------------
 Problems Corrected since 2.0.3
@@ -207,6 +207,12 @@ Problems corrected since 2.2.0 RC2
    an iptables rule. 
 
 4) A misleading typo in /etc/shorewall/tunnels has been corrected.
+
+Problems corrected since 2.2.0 RC3
+
+1) Several problems associated with processing the IPSEC colummn in
+   /etc/shorewall/masq have been corrected.
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0 to Shorewall 2.2: