Disallow more than one address[-range] in SNAT rules

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Nat.pm

@@ -232,7 +232,7 @@ sub process_one_masq1( $$$$$$$$$$$$ )
 		    my $addrlist = '';
 		    my @addrs = split_list $addresses, 'address';
 
-		    fatal_error "Only one IPv6 ADDRESS may be specified" if $family == F_IPV6 && @addrs > 1;
+		    fatal_error "Only one ADDRESS may be specified" if @addrs > 1;
 
 		    for my $addr ( @addrs ) {
 			if ( $addr =~ /^([&%])(.+)$/ ) {

Shorewall/Perl/Shorewall/Rules.pm

@@ -5456,6 +5456,7 @@ sub process_snat1( $$$$$$$$$$$$ ) {
 	my $rule = '';
 	my $saveaddresses = $addresses;
 	my $savetarget    = $target;
+	my $savebaserule  = $baserule;
 	my $interface = $fullinterface;
 
 	$interface =~ s/:.*//;   #interface name may include 'alias'
@@ -5509,7 +5510,7 @@ sub process_snat1( $$$$$$$$$$$$ ) {
 		my $addrlist = '';
 		my @addrs = split_list $addresses, 'address';
 
-		fatal_error "Only one IPv6 ADDRESS may be specified" if $family == F_IPV6 && @addrs > 1;
+		fatal_error "Only one ADDRESS may be specified" if @addrs > 1;
 
 		for my $addr ( @addrs ) {
 		    if ( $addr =~ /^([&%])(.+)$/ ) {
@@ -5724,6 +5725,7 @@ sub process_snat1( $$$$$$$$$$$$ ) {
 
 	$addresses = $saveaddresses;
 	$target    = $savetarget;
+	$baserule  = $savebaserule;
     }
 
     progress_message "   Snat record \"$currentline\" $done"

Shorewall/manpages/shorewall-masq.xml

@@ -164,7 +164,7 @@
       <varlistentry>
         <term><emphasis role="bold">ADDRESS</emphasis> (Optional) - [<emphasis
         role="bold">-</emphasis>|<emphasis
-        role="bold">NONAT</emphasis>|[<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis
+        role="bold">NONAT</emphasis>|[<emphasis>address-or-address-range</emphasis>][:<emphasis>lowport</emphasis><emphasis
         role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
         role="bold">:random</emphasis>][:persistent]|<emphasis
         role="bold">detect</emphasis>|<emphasis

Shorewall/manpages/shorewall-snat.xml

@@ -75,7 +75,7 @@
 
             <varlistentry>
               <term><emphasis
-              role="bold">SNAT[+]</emphasis>([<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis
+              role="bold">SNAT[+]</emphasis>([<emphasis>address-or-address-range</emphasis>][:<emphasis>lowport</emphasis><emphasis
               role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
               role="bold">:random</emphasis>][:<option>persistent</option>]|<emphasis
               role="bold">detect</emphasis>|</term>

Shorewall6/manpages/shorewall6-masq.xml

@@ -125,7 +125,7 @@
       <varlistentry>
         <term><emphasis role="bold">ADDRESS</emphasis> (Optional) - [<emphasis
         role="bold">-</emphasis>|<emphasis
-        role="bold">NONAT</emphasis>|[<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis
+        role="bold">NONAT</emphasis>|[<emphasis>address-or-address-range</emphasis>][:<emphasis>lowport</emphasis><emphasis
         role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
         role="bold">:random</emphasis>][:persistent]|<emphasis
         role="bold">detect</emphasis>|<emphasis

Shorewall6/manpages/shorewall6-snat.xml

@@ -75,7 +75,7 @@
 
             <varlistentry>
               <term><emphasis
-              role="bold">SNAT</emphasis>[+]([<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis
+              role="bold">SNAT</emphasis>[+]([<emphasis>address-or-address-range</emphasis>][:<emphasis>lowport</emphasis><emphasis
               role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
               role="bold">:random</emphasis>][:<option>persistent</option>]|<emphasis
               role="bold">detect</emphasis>|</term>