Allow interface in tcrules DEST for CLASSIFY rules

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1739 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -126,3 +126,5 @@ Changes since 2.0.3
 60) Restore missing '#' in the rfc1918 file.
 
 61) Add note for Slackware users to INSTALL.
+
+62) Allow interface in DEST tcrules column.

Shorewall2/firewall

@@ -2344,7 +2344,16 @@ process_tc_rule()
 
 	[ -n "$marktest" ] && r="${r}-m ${marktest}--mark $testval "
 
-	[ "x$dest"   = "x-"  ] || r="${r}$(dest_ip_range $dest) "
+	if [ "x$dest" != "x-"  ]; then
+	    case $dest in
+		*.*.*)
+		    r="${r}$(dest_ip_range $dest) "
+		    ;;
+		*)
+		    r="${r}$(match_dest_dev $dest) "
+		    ;;
+	    esac
+	fi
 
 	if [ "x$proto" = xipp2p ]; then
 	    [ "x$port" = "x-" ] && port="ipp2p"

Shorewall2/releasenotes.txt

@@ -523,7 +523,10 @@ New Features:
 
 	#MARK/      SOURCE       DEST      PROTO     PORT(S)
 	#CLASSIFY
-	1:30	    -		 -	   tcp	     25
+	1:30	    -		 eth0	   tcp	     25
+
+    Note that when using this form of rule, it is acceptable to include
+    the name of an interface in the DEST column.
 
     Marking using the CLASSIFY target always occurs in the POSTROUTING
     chain of the mangle table and is not affected by the setting of

Shorewall2/tcrules

@@ -92,6 +92,10 @@
 #			iptables include iprange match support, IP address
 #			ranges are also allowed.
 #
+#                       If the MARK column specificies a classification of
+#                       the form <major>:<minor> then this column may also
+#                       contain an interface name.
+#
 #	PROTO		Protocol - Must be "tcp", "udp", "icmp", "ipp2p", 
 #			a number, or "all". "ipp2p" requires ipp2p match
 #			support in your kernel and iptables.