From 65165f429a4c0d8c62f961fc3402f1f2290cc467 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 19 Jan 2006 16:04:07 +0000 Subject: [PATCH] Clarify GATEWAY ZONE in tunnels file git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3324 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/firewall | 14 ++------------ Shorewall/tunnels | 4 +++- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/Shorewall/firewall b/Shorewall/firewall index 5bd64e172..2a65125f4 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -2378,7 +2378,7 @@ setup_tunnels() # $1 = name of tunnels file progress_message " OPENVPN client tunnel to $1:$protocol:$p defined." } - setup_one_generic() # $1 = gateway, $2 = kind:protocol[:port], $3 = Gateway Zone + setup_one_generic() # $1 = gateway, $2 = kind:protocol[:port] { local protocol local p= @@ -2403,16 +2403,6 @@ setup_tunnels() # $1 = name of tunnels file addrule2 $inchain -p $protocol $(source_ip_range $1) $p -j ACCEPT addrule2 $outchain -p $protocol $(dest_ip_range $1) $p -j ACCEPT - for z in $(separate_list $3); do - if validate_zone $z; then - addrule ${FW}2${z} -p $protocol $p -j ACCEPT - addrule ${z}2${FW} -p $protocol $p -j ACCEPT - else - error_message "WARNING: Invalid gateway zone ($z)" \ - " -- Tunnel \"$tunnel\" may encounter problems" - fi - done - progress_message " GENERIC tunnel to $1:$p defined." } @@ -2457,7 +2447,7 @@ setup_tunnels() # $1 = name of tunnels file setup_one_openvpn_server $gateway $kind ;; generic:*|GENERIC:*) - setup_one_generic $gateway $kind $z1 + setup_one_generic $gateway $kind ;; *) error_message "WARNING: Tunnels of type $kind are not supported:" \ diff --git a/Shorewall/tunnels b/Shorewall/tunnels index 38029d903..08b5cb5ee 100644 --- a/Shorewall/tunnels +++ b/Shorewall/tunnels 
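Review bot: In the `generic:*|GENERIC:*)` arm of Shorewall/firewall, the new call `setup_one_generic $gateway $kind` drops `$z1` without any diagnostic. A tunnels entry that still lists a GATEWAY ZONE for a generic tunnel therefore silently loses the `${FW}2${z}` and `${z}2${FW}` ACCEPT rules that the second hunk removes. Narrowing the rule set is the safe direction, but an administrator upgrading gets no hint why that traffic is now presumably left to the zone policy. A one-line warning before the call would make the ignored column visible, for example `[ -n "$z1" ] && error_message "WARNING: GATEWAY ZONE ($z1) is ignored for generic tunnels"`. The case statement and the code that sets `z1` start outside the hunk, so confirm there whether it can be empty or unset.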
@@ -55,7 +55,9 @@
 # column is a standalone host then this column should
 # contain a comma-separated list of the names of the
 # zones that the host might be in. This column only
-# applies to IPSEC and generic tunnels.
+# applies to IPSEC tunnels where it enables ISAKMP
+# traffic to flow through the tunnel to the remote
+# gateway.
 #
 # Example 1:
 #