Add support for 'persistent'

Shorewall/Perl/Shorewall/Nat.pm

@@ -214,6 +214,7 @@ sub process_one_masq( )
 	my $detectaddress = 0;
 	my $exceptionrule = '';
 	my $randomize     = '';
+	my $persistent    = '';
 	#
 	# Parse the ADDRESSES column
 	#
@@ -221,7 +222,8 @@ sub process_one_masq( )
 	    if ( $addresses eq 'random' ) {
 		$randomize = '--random ';
 	    } else {
-		$addresses =~ s/:random$// and $randomize = '--random ';
+		$addresses =~ s/:persistent$// and $persistent = '--persistent ';
+		$addresses =~ s/:random$//     and $randomize  = '--random ';
 
 		if ( $addresses =~ /^SAME/ ) {
 		    fatal_error "The SAME target is no longer supported";
@@ -260,6 +262,7 @@ sub process_one_masq( )
 	    }
 
 	    $target .= $randomize;
+	    $target .= $persistent;
 	} else {
 	    $add_snat_aliases = 0;
 	}

Shorewall/changelog.txt

@@ -2,6 +2,10 @@ Changes in Shorewall 4.4.1
 
 1)  Deleted extra 'user ...IPAddrs.pm' from Nat.pm.
 
+2)  Deleted superfluous export from Chains.pm.
+
+3)  Added support for --persistent.
+
 Changes in Shorewall 4.4.0
 
 1)  Fix 'compile ... -' so that it no longer requires '-v-1'

Shorewall/releasenotes.txt

@@ -163,6 +163,24 @@ None.
 
 None.
 
+----------------------------------------------------------------------------
+                N E W   F E A T U R E S   I N   4 . 4 . 1
+----------------------------------------------------------------------------
+
+1)  To replace the SAME keyword in /etc/shorewall/masq, support has
+    been added for 'persistent' SNAT. Persistent SNAT is required when
+    an address range is specified in the ADDRESS column and when you
+    want a client to always receive the same source/destination IP
+    pair. It replaces SAME: which was removed in Shorewall 4.4.0.
+
+    To spacify persistence, follow the address range with
+    ":persistent".
+
+    Example:
+
+    #INTERFACE	SOURCE	   ADDRESS
+    eth0	0.0.0.0/0  206.124.146.177-206.124.146.179:persistent	
+
 ----------------------------------------------------------------------------
                  N E W   F E A T U R E S   I N   4 . 4
 ----------------------------------------------------------------------------

manpages/shorewall-masq.xml

@@ -155,7 +155,7 @@
         role="bold">-</emphasis>|<emphasis
         role="bold">NONAT</emphasis>|[<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis
         role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
-        role="bold">:random</emphasis>]|<emphasis
+        role="bold">:random</emphasis>][:persistent]|<emphasis
         role="bold">detect</emphasis>|<emphasis
         role="bold">random</emphasis>]</term>
 
@@ -178,6 +178,15 @@
 
           <para>Example: 206.124.146.177-206.124.146.180</para>
 
+          <para>You may follow the port range (or <emphasis
+          role="bold">:random</emphasis>) with <emphasis
+          role="bold">:persistent</emphasis>. This is only useful when an
+          address range is specified and causes a client to be given the same
+          source/destination IP pair. This feature replaces the SAME modifier
+          which was removed from Shorewall in version 4.4.0. Unlike <emphasis
+          role="bold">random</emphasis>, <emphasis
+          role="bold">persistent</emphasis> may not be used by itself.</para>
+
           <para>You may also use the special value "detect" which causes
           Shorewall to determine the IP addresses configured on the interface
           named in the INTERFACES column and substitute them in this