From 2e8224e5ca7506cfb0bd8caa77fc6d6418dc93fd Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 13 Dec 2008 00:27:26 +0000 Subject: [PATCH] Fix several bugs and whitespace differences from previous versions git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9013 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/Compiler.pm | 28 ++++++++++++++++----------- Shorewall-perl/Shorewall/Proc.pm | 8 +++++--- Shorewall-perl/Shorewall/Providers.pm | 4 ++-- Shorewall-perl/Shorewall/Rules.pm | 2 +- 4 files changed, 25 insertions(+), 17 deletions(-) diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl/Shorewall/Compiler.pm index 48954533a..8a60a74e2 100644 --- a/Shorewall-perl/Shorewall/Compiler.pm +++ b/Shorewall-perl/Shorewall/Compiler.pm @@ -265,14 +265,14 @@ sub compile_stop_firewall() { # Stop/restore the firewall after an error or because of a 'stop' or 'clear' command # stop_firewall() { - - deletechain() { EOF if ( $family == F_IPV4 ) { - emit ' qt $IPTABLES -L $1 -n && qt $IPTABLES -F $1 && qt $IPTABLES -X $1'; + emit( ' deletechain() {', + ' qt $IPTABLES -L $1 -n && qt $IPTABLES -F $1 && qt $IPTABLES -X $1' ); } else { - emit ' qt $IPTABLES -L $1 -n && qt $IPTABLES -F $1 && qt $IPTABLES -X $1'; + emit( ' deletechain() {', + ' qt $IPTABLES -L $1 -n && qt $IPTABLES -F $1 && qt $IPTABLES -X $1' ); } emit <<'EOF'; @@ -382,19 +382,23 @@ EOF } if ( $capabilities{RAW_TABLE} ) { - emit <<'EOF'; + if ( $family == F_IPV4 ) { + emit <<'EOF'; run_iptables -t raw -F run_iptables -t raw -X for chain in PREROUTING OUTPUT; do + qt1 $IPTABLES -t raw -P $chain ACCEPT + done EOF - - if ( $family == F_IPV4 ) { - emit ' qt1 $IPTABLES -t raw -P $chain ACCEPT'; } else { - emit ' qt1 $IP6TABLES -t raw -P $chain ACCEPT'; + emit <<'EOF'; + run_iptables -t raw -F + run_iptables -t raw -X + for chain in PREROUTING OUTPUT; do + qt1 $IP6TABLES -t raw -P $chain ACCEPT + done +EOF } - - emit ' done'; } if ( $capabilities{NAT_ENABLED} ) { 
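Review bot: In the first Compiler.pm hunk (`compile_stop_firewall`, the `deletechain()` emission) the `else` branch is identical to the `F_IPV4` branch, so the generated IPv6 `stop_firewall` still lists, flushes and deletes chains through `$IPTABLES`. Unless `$IPTABLES` points at ip6tables in the IPv6 script, which is not visible here, IPv6 chains would survive a stop/clear or the IPv4 ruleset would be touched instead; the `else` line should presumably read `' qt $IP6TABLES -L $1 -n && qt $IP6TABLES -F $1 && qt $IP6TABLES -X $1'`, matching the `$IP6TABLES` used for the policy reset in the RAW_TABLE hunk. The same question applies to the `run_iptables -t raw -F` / `-X` lines in that hunk's new IPv6 heredoc: confirm that `run_iptables` wraps ip6tables in IPv6 builds. If the two `deletechain()` branches are meant to be identical, drop the conditional. The enclosing function starts and ends outside both hunks.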
@@ -531,6 +535,8 @@ EOF } } + emit ''; + if ( $family == F_IPV4 ) { if ( $config{IP_FORWARDING} eq 'on' ) { emit( 'echo 1 > /proc/sys/net/ipv4/ip_forward', diff --git a/Shorewall-perl/Shorewall/Proc.pm b/Shorewall-perl/Shorewall/Proc.pm index 51d26a432..8cdb99166 100644 --- a/Shorewall-perl/Shorewall/Proc.pm +++ b/Shorewall-perl/Shorewall/Proc.pm @@ -207,8 +207,9 @@ sub setup_forwarding( $ ) { } elsif ( $config{IP_FORWARDING} eq 'off' ) { emit ' echo 0 > /proc/sys/net/ipv4/ip_forward'; emit ' progress_message2 IPv4 Forwarding Disabled!'; - emit ''; } + + emit ''; } else { if ( $config{IP_FORWARDING} eq 'on' ) { emit ' echo 1 > /proc/sys/net/ipv6/conf/all/forwarding'; @@ -216,9 +217,10 @@ sub setup_forwarding( $ ) { } elsif ( $config{IP_FORWARDING} eq 'off' ) { emit ' echo 0 > /proc/sys/net/ipv6/conf/all/forwarding'; emit ' progress_message2 IPv6 Forwarding Disabled!'; - emit ''; } - + + emit ''; + my $interfaces = find_interfaces_by_option 'forward'; if ( @$interfaces ) { diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm index b9e401db5..69805ea9d 100644 --- a/Shorewall-perl/Shorewall/Providers.pm +++ b/Shorewall-perl/Shorewall/Providers.pm @@ -366,7 +366,7 @@ sub add_a_provider( $$$$$$$$ ) { } } elsif ( $shared ) { emit "qt ip -$family rule del from $address" if $config{DELETE_THEN_ADD}; - emit( "run_ip -$family rule add from $address pref 20000 table $number" , + emit( "run_ip rule add from $address pref 20000 table $number" , "echo \"qt ip -$family rule del from $address\" >> \${VARDIR}/undo_routing" ); } else { my $rulebase = 20000 + ( 256 * ( $number - 1 ) ); @@ -457,7 +457,7 @@ sub add_an_rtrule( $$$$ ) { push_indent; } - emit ( "run_ip -$family rule add $source $dest $priority table $number", + emit ( "run_ip rule add $source $dest $priority table $number", "echo \"qt ip -$family rule del $source $dest $priority\" >> \${VARDIR}/undo_routing" ); pop_indent, emit ( "fi\n" ) if $optional; 
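Review bot: In Providers.pm (`add_a_provider`, the `$shared` branch, and `add_an_rtrule`) the rule is now added with `run_ip rule add ...`, while the matching delete and the line written to `${VARDIR}/undo_routing` still call `qt ip -$family rule del ...`, so add and undo no longer visibly address the same family. This is correct only if `run_ip` itself supplies the family flag in the generated script, which these hunks do not show. If it does not, an IPv6 build would add the rule to the IPv4 policy database and the undo entry would never remove it. A comment above each call would record the dependency, e.g. `# run_ip supplies the address family itself; the raw 'ip' calls must pass -$family explicitly`. Both functions continue outside their hunks.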
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index a07b2fc17..c96b56750 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -443,7 +443,7 @@ sub process_routestopped() {
 }
 } elsif ( $option eq 'dest' ) {
 for my $host ( split /,/, $hosts ) {
- $dest{"$interface|host"} = 1;
+ $dest{"$interface|$host"} = 1;
 }
 } else {
 warning_message "Unknown routestopped option ( $option ) ignored" unless $option eq 'critical';
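Review bot: The `%dest` key in the `dest` branch of `process_routestopped` is assembled inline as `"$interface|$host"`, and the misspelling fixed here (`|host`) was a valid Perl string, so nothing flagged that every listed host collapsed onto one literal key. Since routestopped decides which hosts may still pass traffic while the firewall is stopped, the key format deserves a comment at the assignment, e.g. `# key is "<interface>|<host>"; must match the lookup done when the routestopped rules are generated`. The code that reads `%dest` is outside this hunk, so confirm it builds the key the same way.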