Update for Shorewall 2.2.0 Beta 2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1734 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-02-16 17:51:16 +01:00 · 2004-11-02 19:15:52 +00:00 · 2004-11-02 19:15:52 +00:00 · 29e3991465
commit 29e3991465
parent d69e5c496a
56 changed files with 87 additions and 77 deletions
--- a/LrpN/etc/shorewall/accounting
+++ b/LrpN/etc/shorewall/accounting
@ -1,5 +1,5 @@
 #
-# Shorewall version 2.1 - Accounting File
+# Shorewall version 2.2 - Accounting File
 #
 # /etc/shorewall/accounting
 #
--- a/LrpN/etc/shorewall/actions
+++ b/LrpN/etc/shorewall/actions
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /etc/shorewall/actions
+# Shorewall 2.2 /etc/shorewall/actions
 #
 #	This file allows you to define new ACTIONS for use in rules 
 #	(/etc/shorewall/rules). You define the iptables rules to
--- a/LrpN/etc/shorewall/blacklist
+++ b/LrpN/etc/shorewall/blacklist
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 -- Blacklist File
+# Shorewall 2.2 -- Blacklist File
 #
 # /etc/shorewall/blacklist
 #
--- a/LrpN/etc/shorewall/ecn
+++ b/LrpN/etc/shorewall/ecn
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 - /etc/shorewall/ecn
+# Shorewall 2.2 - /etc/shorewall/ecn
 #
 #	Use this file to list the destinations for which you want to
 #	disable ECN.
--- a/LrpN/etc/shorewall/hosts
+++ b/LrpN/etc/shorewall/hosts
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 - /etc/shorewall/hosts
+# Shorewall 2.2 - /etc/shorewall/hosts
 #
 #	THE ONLY TIME YOU NEED THIS FILE IS WHERE YOU HAVE MORE THAN
 #	ONE ZONE CONNECTED THROUGH A SINGLE INTERFACE.
@ -129,7 +129,11 @@
 #				       NEWNOTSYN=Yes.
 #
 #			ipsec        - The zone is accessed via a
-#				       kernel 2.6 ipsec SA.
+#				       kernel 2.6 ipsec SA. Note that if the
 #				       zone named in the ZONE column is 
 #				       specified as an IPSEC zone in the
 #				       /etc/shorewall/ipsec file then you do NOT
 #				       need to specify the 'ipsec' option here.
 #
 #ZONE		HOST(S)				OPTIONS
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
--- a/LrpN/etc/shorewall/init
+++ b/LrpN/etc/shorewall/init
@ -1,5 +1,5 @@
 ############################################################################
-# Shorewall 2.0 -- /etc/shorewall/init
+# Shorewall 2.2 -- /etc/shorewall/init
 #
 # Add commands below that you want to be executed at the beginning of
 # a "shorewall start" or "shorewall restart" command.
--- a/LrpN/etc/shorewall/initdone
+++ b/LrpN/etc/shorewall/initdone
@ -1,5 +1,5 @@
 ############################################################################
-# Shorewall 2.0 -- /etc/shorewall/initdone
+# Shorewall 2.2 -- /etc/shorewall/initdone
 #
 # Add commands below that you want to be executed during 
 # "shorewall start" or "shorewall restart" commands at the point where
--- a/LrpN/etc/shorewall/interfaces
+++ b/LrpN/etc/shorewall/interfaces
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 -- Interfaces File
+# Shorewall 2.2 -- Interfaces File
 #
 # /etc/shorewall/interfaces
 #
--- a/LrpN/etc/shorewall/ipsec
+++ b/LrpN/etc/shorewall/ipsec
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 - /etc/shorewall/ipsec
+# Shorewall 2.2 - /etc/shorewall/ipsec
 #
 #	This file defines the attributes of zones with respect to
 #	IPSEC. To use this file, you must be running a 2.6 kernel and
--- a/LrpN/etc/shorewall/maclist
+++ b/LrpN/etc/shorewall/maclist
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 - MAC list file
+# Shorewall 2.2 - MAC list file
 #
 # /etc/shorewall/maclist
 #
--- a/LrpN/etc/shorewall/masq
+++ b/LrpN/etc/shorewall/masq
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 - Masquerade file
+# Shorewall 2.2 - Masquerade file
 #
 # /etc/shorewall/masq
 #
--- a/LrpN/etc/shorewall/modules
+++ b/LrpN/etc/shorewall/modules
@ -1,5 +1,5 @@
 ##############################################################################
-# Shorewall 2.0 /etc/shorewall/modules
+# Shorewall 2.2 /etc/shorewall/modules
 #
 # This file loads the modules needed by the firewall.
 #
--- a/LrpN/etc/shorewall/nat
+++ b/LrpN/etc/shorewall/nat
@ -1,6 +1,6 @@
 ##############################################################################
 #
-# Shorewall 2.0  -- Network Address Translation Table
+# Shorewall 2.2  -- Network Address Translation Table
 #
 # /etc/shorewall/nat
 #
@ -16,6 +16,7 @@
 #	EXTERNAL	External IP Address - this should NOT be the primary
 #			IP address of the interface named in the next
 #			column and must not be a DNS Name.
 #
 #	INTERFACE	Interface that you want to EXTERNAL address to appear
 #                       on. If ADD_IP_ALIASES=Yes in shorewall.conf, you may
 #			follow the interface name with ":" and a digit to
@ -29,13 +30,16 @@
 #			particular entry, follow the interface name with
 #			":" and no digit (e.g., "eth0:").
 #	INTERNAL	Internal Address (must not be a DNS Name).
 #
 #       ALL INTERFACES  If Yes or yes, NAT will be effective from all hosts.
 #                       If No or no (or left empty) then NAT will be effective
 #                       only through the interface named in the INTERFACE
 #                       column
 #
 #       LOCAL           If Yes or yes, NAT will be effective from the firewall
 #                       system
 ##############################################################################
-#EXTERNAL	INTERFACE	INTERNAL	ALL	 		LOCAL
+#EXTERNAL	INTERFACE	INTERNAL	ALL		LOCAL
 #						INTERFACES
 #
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/LrpN/etc/shorewall/params
+++ b/LrpN/etc/shorewall/params
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /etc/shorewall/params
+# Shorewall 2.2 /etc/shorewall/params
 #
 # Assign any variables that you need here.
 #
--- a/LrpN/etc/shorewall/policy
+++ b/LrpN/etc/shorewall/policy
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 -- Policy File
+# Shorewall 2.2 -- Policy File
 #
 # /etc/shorewall/policy
 #
--- a/LrpN/etc/shorewall/proxyarp
+++ b/LrpN/etc/shorewall/proxyarp
@ -1,6 +1,6 @@
 ##############################################################################
 #
-# Shorewall 2.1 -- Proxy ARP
+# Shorewall 2.2 -- Proxy ARP
 #
 # /etc/shorewall/proxyarp
 #
--- a/LrpN/etc/shorewall/routestopped
+++ b/LrpN/etc/shorewall/routestopped
@ -1,6 +1,6 @@
 ##############################################################################
 #
-# Shorewall 2.1 -- Hosts Accessible when the Firewall is Stopped
+# Shorewall 2.2 -- Hosts Accessible when the Firewall is Stopped
 #
 # /etc/shorewall/routestopped
 #
--- a/LrpN/etc/shorewall/rules
+++ b/LrpN/etc/shorewall/rules
@ -1,5 +1,5 @@
 #
-# Shorewall version 2.1 - Rules File
+# Shorewall version 2.2 - Rules File
 #
 # /etc/shorewall/rules
 #
--- a/LrpN/etc/shorewall/start
+++ b/LrpN/etc/shorewall/start
@ -1,5 +1,5 @@
 ############################################################################
-# Shorewall 2.1 -- /etc/shorewall/start
+# Shorewall 2.2 -- /etc/shorewall/start
 #
 # Add commands below that you want to be executed after shorewall has
 # been started or restarted.
@ -7,4 +7,4 @@
 for file in /etc/shorewall/start.d/* ; do
   run_user_exit $file
 done
-    
+    
--- a/LrpN/etc/shorewall/stop
+++ b/LrpN/etc/shorewall/stop
@ -1,5 +1,5 @@
 ############################################################################
-# Shorewall 2.1 -- /etc/shorewall/stop
+# Shorewall 2.2 -- /etc/shorewall/stop
 #
 # Add commands below that you want to be executed at the beginning of a
 # "shorewall stop" command.
@ -7,4 +7,4 @@
 for file in /etc/shorewall/stop.d/* ; do
 run_user_exit $file
 done
-    
+    
--- a/LrpN/etc/shorewall/stopped
+++ b/LrpN/etc/shorewall/stopped
@ -1,5 +1,5 @@
 ############################################################################
-# Shorewall 2.1 -- /etc/shorewall/stopped
+# Shorewall 2.2 -- /etc/shorewall/stopped
 #
 # Add commands below that you want to be executed at the completion of a
 # "shorewall stop" command.
--- a/LrpN/etc/shorewall/tcrules
+++ b/LrpN/etc/shorewall/tcrules
@ -1,5 +1,5 @@
 #
-# Shorewall version 2.1 - Traffic Control Rules File
+# Shorewall version 2.2 - Traffic Control Rules File
 #
 # /etc/shorewall/tcrules
 #
--- a/LrpN/etc/shorewall/tos
+++ b/LrpN/etc/shorewall/tos
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 -- /etc/shorewall/tos
+# Shorewall 2.2 -- /etc/shorewall/tos
 #
 #	This file defines rules for setting Type Of Service (TOS)
 #
--- a/LrpN/etc/shorewall/tunnels
+++ b/LrpN/etc/shorewall/tunnels
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 - /etc/shorewall/tunnels
+# Shorewall 2.2 - /etc/shorewall/tunnels
 #
 #	This file defines IPSEC, GRE, IPIP and OPENVPN tunnels.
 #
--- a/LrpN/etc/shorewall/zones
+++ b/LrpN/etc/shorewall/zones
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /etc/shorewall/zones
+# Shorewall 2.2 /etc/shorewall/zones
 #
 # This file determines your network zones. Columns are:
 #
--- a/LrpN/usr/share/shorewall/action.AllowAuth
+++ b/LrpN/usr/share/shorewall/action.AllowAuth
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowAuth
+# Shorewall 2.2 /usr/share/shorewall/action.AllowAuth
 #
 #	This action accepts Auth (identd) traffic.
 #
--- a/LrpN/usr/share/shorewall/action.AllowDNS
+++ b/LrpN/usr/share/shorewall/action.AllowDNS
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowDNS
+# Shorewall 2.2 /usr/share/shorewall/action.AllowDNS
 #
 #	This action accepts DNS traffic.
 #
--- a/LrpN/usr/share/shorewall/action.AllowFTP
+++ b/LrpN/usr/share/shorewall/action.AllowFTP
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowFTP
+# Shorewall 2.2 /usr/share/shorewall/action.AllowFTP
 #
 #	This action accepts FTP traffic. See
 #	http://www.shorewall.net/FTP.html for additional considerations.
--- a/LrpN/usr/share/shorewall/action.AllowIMAP
+++ b/LrpN/usr/share/shorewall/action.AllowIMAP
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowIMAP
+# Shorewall 2.2 /usr/share/shorewall/action.AllowIMAP
 #
 #	This action accepts IMAP traffic (secure and insecure):
 #
--- a/LrpN/usr/share/shorewall/action.AllowNNTP
+++ b/LrpN/usr/share/shorewall/action.AllowNNTP
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowNNTP
+# Shorewall 2.2 /usr/share/shorewall/action.AllowNNTP
 #
 #	This action accepts NNTP traffic (Usenet).
 #
--- a/LrpN/usr/share/shorewall/action.AllowNTP
+++ b/LrpN/usr/share/shorewall/action.AllowNTP
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowNTP
+# Shorewall 2.2 /usr/share/shorewall/action.AllowNTP
 #
 #	This action accepts NTP traffic (ntpd).
 #
@ -7,4 +7,5 @@
 #TARGET  SOURCE		DEST      	PROTO	DEST    SOURCE	   ORIGINAL	RATE
 #                       	        	PORT    PORT(S)    DEST         LIMIT
 ACCEPT	 -	        -               udp	123
 ACCEPT	 -		-		udp	1024:	123
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/LrpN/usr/share/shorewall/action.AllowPCA
+++ b/LrpN/usr/share/shorewall/action.AllowPCA
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowPCA
+# Shorewall 2.2 /usr/share/shorewall/action.AllowPCA
 #
 #	This action accepts PCAnywere (tm)
 #
--- a/LrpN/usr/share/shorewall/action.AllowPOP3
+++ b/LrpN/usr/share/shorewall/action.AllowPOP3
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowPOP3
+# Shorewall 2.2 /usr/share/shorewall/action.AllowPOP3
 #
 #	This action accepts POP3 traffic (secure and insecure):
 #
--- a/LrpN/usr/share/shorewall/action.AllowPing
+++ b/LrpN/usr/share/shorewall/action.AllowPing
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowPing
+# Shorewall 2.2 /usr/share/shorewall/action.AllowPing
 #
 #	This action accepts 'ping' requests.
 #
--- a/LrpN/usr/share/shorewall/action.AllowRdate
+++ b/LrpN/usr/share/shorewall/action.AllowRdate
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowRdate
+# Shorewall 2.2 /usr/share/shorewall/action.AllowRdate
 #
 #	This action accepts remote time retrieval (rdate).
 #
--- a/LrpN/usr/share/shorewall/action.AllowSMB
+++ b/LrpN/usr/share/shorewall/action.AllowSMB
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowSMB
+# Shorewall 2.2 /usr/share/shorewall/action.AllowSMB
 #
 #	Allow Microsoft SMB traffic. You need to invoke this action in
 #	both directions.
--- a/LrpN/usr/share/shorewall/action.AllowSMTP
+++ b/LrpN/usr/share/shorewall/action.AllowSMTP
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowSMTP
+# Shorewall 2.2 /usr/share/shorewall/action.AllowSMTP
 #
 #	This action accepts SMTP (email) traffic.
 #
--- a/LrpN/usr/share/shorewall/action.AllowSNMP
+++ b/LrpN/usr/share/shorewall/action.AllowSNMP
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowSNMP
+# Shorewall 2.2 /usr/share/shorewall/action.AllowSNMP
 #
 #	This action accepts SNMP traffic (including traps):
 #
--- a/LrpN/usr/share/shorewall/action.AllowSSH
+++ b/LrpN/usr/share/shorewall/action.AllowSSH
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowSSH
+# Shorewall 2.2 /usr/share/shorewall/action.AllowSSH
 #
 #	This action accepts secure shell (SSH) traffic.
 #
--- a/LrpN/usr/share/shorewall/action.AllowTelnet
+++ b/LrpN/usr/share/shorewall/action.AllowTelnet
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowTelnet
+# Shorewall 2.2 /usr/share/shorewall/action.AllowTelnet
 #
 #	This action accepts Telnet traffic. For traffic over the
 #	internet, telnet is inappropriate; use SSH instead
--- a/LrpN/usr/share/shorewall/action.AllowTrcrt
+++ b/LrpN/usr/share/shorewall/action.AllowTrcrt
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowTrcrt
+# Shorewall 2.2 /usr/share/shorewall/action.AllowTrcrt
 #
 #	This action accepts Traceroute (for up to 20 hops):
 #
--- a/LrpN/usr/share/shorewall/action.AllowVNC
+++ b/LrpN/usr/share/shorewall/action.AllowVNC
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowVNC
+# Shorewall 2.2 /usr/share/shorewall/action.AllowVNC
 #
 #	This action accepts VNC traffic for VNC display's 0 - 9.
 #
--- a/LrpN/usr/share/shorewall/action.AllowVNCL
+++ b/LrpN/usr/share/shorewall/action.AllowVNCL
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowVNCL
+# Shorewall 2.2 /usr/share/shorewall/action.AllowVNCL
 #
 #	This action accepts VNC traffic from Vncservers to Vncviewers in listen mode.
 #
--- a/LrpN/usr/share/shorewall/action.AllowWeb
+++ b/LrpN/usr/share/shorewall/action.AllowWeb
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.AllowWeb
+# Shorewall 2.2 /usr/share/shorewall/action.AllowWeb
 #
 #	This action accepts WWW traffic (secure and insecure):
 #
@ -7,5 +7,5 @@
 #TARGET  SOURCE		DEST      	PROTO	DEST    SOURCE	 	RATE	USER/
 #                       	        	PORT    PORT(S)		LIMIT	GROUP
 ACCEPT	 -		-		tcp	80
-ACCEPT	 -		-		TCP	443
+ACCEPT	 -		-		tcp	443
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/LrpN/usr/share/shorewall/action.Drop
+++ b/LrpN/usr/share/shorewall/action.Drop
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.Drop
+# Shorewall 2.2 /usr/share/shorewall/action.Drop
 #
 #	The default DROP common rules
 #
--- a/LrpN/usr/share/shorewall/action.DropDNSrep
+++ b/LrpN/usr/share/shorewall/action.DropDNSrep
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.DropDNSrep
+# Shorewall 2.2 /usr/share/shorewall/action.DropDNSrep
 #
 #	This action silently drops DNS UDP replies
 #
--- a/LrpN/usr/share/shorewall/action.DropPing
+++ b/LrpN/usr/share/shorewall/action.DropPing
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.DropPing
+# Shorewall 2.2 /usr/share/shorewall/action.DropPing
 #
 #	This action silently drops 'ping' requests.
 #
--- a/LrpN/usr/share/shorewall/action.DropSMB
+++ b/LrpN/usr/share/shorewall/action.DropSMB
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.DropSMB
+# Shorewall 2.2 /usr/share/shorewall/action.DropSMB
 #
 #	This action silently drops Microsoft SMB traffic
 #
--- a/LrpN/usr/share/shorewall/action.DropUPnP
+++ b/LrpN/usr/share/shorewall/action.DropUPnP
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.DropUPnP
+# Shorewall 2.2 /usr/share/shorewall/action.DropUPnP
 #
 #	This action silently drops UPnP probes on UDP port 1900
 #
--- a/LrpN/usr/share/shorewall/action.Reject
+++ b/LrpN/usr/share/shorewall/action.Reject
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.Reject
+# Shorewall 2.2 /usr/share/shorewall/action.Reject
 #
 #	The default REJECT action common rules
 #
--- a/LrpN/usr/share/shorewall/action.RejectAuth
+++ b/LrpN/usr/share/shorewall/action.RejectAuth
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.RejectAuth
+# Shorewall 2.2 /usr/share/shorewall/action.RejectAuth
 #
 #	This action silently rejects Auth (tcp 113) traffic
 #
--- a/LrpN/usr/share/shorewall/action.RejectSMB
+++ b/LrpN/usr/share/shorewall/action.RejectSMB
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/action.RejectSMB
+# Shorewall 2.2 /usr/share/shorewall/action.RejectSMB
 #
 #	This action silently rejects Microsoft SMB traffic
 #
--- a/LrpN/usr/share/shorewall/action.template
+++ b/LrpN/usr/share/shorewall/action.template
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /etc/shorewall/action.template
+# Shorewall 2.2 /etc/shorewall/action.template
 #
 #	This file is a template for files with names of the form 
 #	/etc/shorewall/action.<action-name> where <action> is an
--- a/LrpN/usr/share/shorewall/actions.std
+++ b/LrpN/usr/share/shorewall/actions.std
@ -1,5 +1,5 @@
 #
-# Shorewall 2.1 /usr/share/shorewall/actions.std
+# Shorewall 2.2 /usr/share/shorewall/actions.std
 #
 #
 # Builtin Actions are:
--- a/LrpN/usr/share/shorewall/firewall
+++ b/LrpN/usr/share/shorewall/firewall
@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V2.1
+#     The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V2.2
 #
 #     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
 #
@ -1986,7 +1986,6 @@ setup_mac_lists() {
    #
    # Process the maclist file producing the verification rules
    #
    while read interface mac addresses; do
 	expandv interface mac addresses
@ -2750,7 +2749,7 @@ check_config() {
    echo "Determining Zones..."
    determine_zones
-    check_dupliate_zones
+    check_duplicate_zones
    [ -z "$zones" ] && startup_error "ERROR: No Zones Defined"
@ -5834,20 +5833,22 @@ add_common_rules() {
 		    ;;
 	    esac
-	    run_iptables2 -A norfc1918 $(source_ip_range $networks) -j $target
+	    for network in $(separate_list $networks); do
-
+		run_iptables2 -A norfc1918 $(source_ip_range $network) -j $target
-	    if [ -n "$CONNTRACK_MATCH" ]; then
+	
-		#
+		if [ -n "$CONNTRACK_MATCH" ]; then
-		# We have connection tracking match -- match on the original destination
+		    #
-		#
+		    # We have connection tracking match -- match on the original destination
-		run_iptables2 -A norfc1918 -m conntrack --ctorigdst $networks -j $target
+		    #
-	    elif [ -n "$MANGLE_ENABLED" ]; then
+		    run_iptables2 -A norfc1918 -m conntrack --ctorigdst $network -j $target
-		#
+		elif [ -n "$MANGLE_ENABLED" ]; then
-		# No connection tracking match but we have mangling -- add a rule to
+		    #
-		# the mangle table
+		    # No connection tracking match but we have mangling -- add a rule to
-		#
+		    # the mangle table
-		run_iptables2 -t mangle -A man1918 $(dest_ip_range $networks) -j $target
+		    #
-	    fi
+		    run_iptables2 -t mangle -A man1918 $(dest_ip_range $network) -j $target
 		fi
 	    done
 	done < $TMP_DIR/rfc1918
 	for host in $hosts; do
--- a/LrpN/usr/share/shorewall/version
+++ b/LrpN/usr/share/shorewall/version
@ -1 +1 @@
-2.2.0-Beta1
+2.2.0-Beta2