diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 1e4a94e0b..c8ffe8a21 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -1768,10 +1768,10 @@ setup_ipsec() {
 for z in $zones; do
 case $2 in
 _in)
- set_mss1 ${z}2${zone} $1
+ set_mss1 ${zone}2${z} $1
 ;;
 _out)
- set_mss1 ${zone}2${z} $1
+ set_mss1 ${z}2${zone} $1
 ;;
 *)
 set_mss1 ${z}2${zone} $1
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index ca5f1f087..d0b633b82 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -89,6 +89,11 @@ Problems corrected since 2.1.11
 Shorewall will now issue an error message and terminate during "shorewall [re]start" or "shorewall check".
+2) If a configuration has two or more "complex" zones (zones having
+ IPSEC hosts or zones having more than one subnet on an interface)
+ then an incorrect ruleset is generated. This problem was introduced
+ in 2.1.11.
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0 to Shorewall 2.1:
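Review bot: Nothing in the `_in)` and `_out)` arms of the Shorewall2/firewall hunk says which chain each is meant to hit, and the fix is a bare swap of `${z}2${zone}` and `${zone}2${z}`, so the same direction mistake is easy to reintroduce in a ruleset generator where a rule landing in the wrong chain fails silently. A comment above the `case` would pin the intent down, for example `# chains are named <source>2<dest>; _in -> ${zone}2${z}, _out -> ${z}2${zone}`, worded to match what `$zone` holds at this point, which the hunk does not show. Separately, the new calls leave their expansions unquoted; `set_mss1 "${zone}2${z}" "$1"` avoids word splitting and globbing if the MSS argument or a zone name is ever empty or malformed. The `*)` arm and the enclosing loop continue past the end of the hunk, so whether the default case still covers both directions cannot be judged from here.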