Fix 'newnotsyn' in hosts file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1370 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

STABLE2/changelog.txt

@@ -71,3 +71,5 @@ Changes since 2.0.1
 34) Fix dynamic in chains in the nat table.
 
 35) Load modules before detecting capabilities.
+
+36) Fix 'newnotsyn' in the hosts file.

STABLE2/firewall

@@ -4705,11 +4705,13 @@ initialize_netfilter () {
     if [ -z "$NEWNOTSYN" ]; then
 	createchain newnotsyn no
 
-	for interface in $(find_interfaces_by_option newnotsyn); do
-	    run_iptables -A newnotsyn -i $interface -p tcp --tcp-flags ACK ACK -j ACCEPT
-	    run_iptables -A newnotsyn -i $interface -p tcp --tcp-flags RST RST -j ACCEPT
-	    run_iptables -A newnotsyn -i $interface -p tcp --tcp-flags FIN FIN -j ACCEPT
-	    run_iptables -A newnotsyn -i $interface -j RETURN
+	for host in $(find_hosts_by_option newnotsyn); do
+	    interface=${host%%:*}
+	    network=${host#*:}
+	    run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -p tcp --tcp-flags ACK ACK -j ACCEPT
+	    run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -p tcp --tcp-flags RST RST -j ACCEPT
+	    run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -p tcp --tcp-flags FIN FIN -j ACCEPT
+	    run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -j RETURN
 	done
 
 	run_user_exit newnotsyn

STABLE2/releasenotes.txt

@@ -1,4 +1,4 @@
-Shorewall 2.0.2c
+Shorewall 2.0.2d
 
 ----------------------------------------------------------------------
 Problems Corrected since 2.0.1
@@ -37,6 +37,8 @@ Problems Corrected since 2.0.2
 6) Shorewall checks netfilter capabilities before loading kernel
    modules. Hence if kernel module autoloading isn't enabled, the
    capabilities will be misdetected.
+
+7) The 'newnotsyn' option in /etc/shorewall/hosts has no effect.
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2: