Allow '-' in the ADDRESS/SUBNET column of the blacklist file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3099 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/blacklist

@@ -18,6 +18,10 @@
 #
 #			  Example: ~00-A0-C9-15-39-78
 #
+#			  A dash ("-") in this column means that any source
+#			  address will match. This is useful if you want to
+#			  blacklist a particular application.
+#
 #	PROTOCOL	- Optional. If specified, must be a protocol number
 #			  or a protocol name from /etc/protocols.
 #

Shorewall/changelog.txt

@@ -12,6 +12,8 @@ Changes in 3.0.3
 
 6) Add more migration information to release notes.
 
+7) Allow "-" in the ADDRESS/SUBNET column of the blacklist file.
+
 Changes in 3.0.2
 
 1) Typos in the Samples corrected.

Shorewall/firewall

@@ -7334,6 +7334,9 @@ process_blacklist_rec() {
 
     for addr in $(separate_list $networks); do
 	case $addr in
+	    -)
+		source=
+		;;
 	    ~*)
 		addr=$(echo $addr | sed 's/~//;s/-/:/g')
 		source="--match mac --mac-source $addr"

Shorewall/releasenotes.txt

@@ -57,6 +57,10 @@ New Features in 3.0.3
 
 2) The '-q' option now works with 'safe-start' and 'safe-restart'.
 
+3) The value "-" is now allowed in the ADDRESS/SUBNET column of
+   /etc/shorewall/blacklist. That value is equivalent to specifying
+   0.0.0.0/0 in that column.
+
 Problems Corrected in 3.0.2
 
 1) A couple of typos in the one-interface sample configuration have