Fix CONTINUE policy bug and document other changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5525 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -2,6 +2,12 @@ Changes in 3.4.1
 
 1)  Add rest of proxy arp fix.
 
+2)  Fix two problems with log-prefix handling.
+
+3)  Nested Zones produced shell errors.
+
+4)  CONTINUE policies generated invalid iptables input.
+
 Changes in 3.4.0 Final
 
 1)  Add missing logic for "!" rules.

Shorewall/compiler

@@ -486,7 +486,7 @@ validate_policy()
 	    eval parents=\$${zone}_parents
 	    if [ -n "$parents" ]; then
 		for zone1 in $ZONES $FW; do 
-		    if $zone != $zone1; then
+		    if [ $zone != $zone1 ]; then
 			chain=${zone}2${zone1}
 			eval ${chain}_is_policy=Yes
 			eval ${chain}_is_optional=Yes
@@ -3067,6 +3067,8 @@ policy_rules() # $1 = chain to add rules to
 	    REJECT)
 		run_iptables -A $1 -j reject
 		;;
+	    CONTINUE)
+		;;
 	    *)
 		run_iptables -A $1 -j $target
 		;;

Shorewall/releasenotes.txt

@@ -30,14 +30,38 @@ Release Highlights
 
 Problems Corrected in 3.4.1
 
-1) The "shorewall-[lite] [re]start and stop" commands reset the
-   proxy_arp flag on all interfaces on the system making it impossible
-   to control proxy arp manually with Shorewall installed. There was a
-   partial fix included in 3.4.0; unfortunately, it did not correct the
-   problem completely. Shorewall 3.4.1 includes the rest of the change 
-   necessarey to only clear proxy arp if there were entries in
-   /etc/shorewall/proxyarp the last time that Shorewall was
-   [re]started.
+1)  The "shorewall-[lite] [re]start and stop" commands reset the
+    proxy_arp flag on all interfaces on the system making it impossible
+    to control proxy arp manually with Shorewall installed. There was a
+     partial fix included in 3.4.0; unfortunately, it did not correct the
+    problem completely. Shorewall 3.4.1 includes the rest of the change 
+    necessarey to only clear proxy arp if there were entries in
+    /etc/shorewall/proxyarp the last time that Shorewall was
+    [re]started.
+
+2)  If the log-prefix in a log message exceeded 29 characters, 
+    'shorewall restart' fails with 'truncate: command not found' and a
+    possible segmentation fault in iptables.
+
+3)  Log messages specifying a log tag had two spaces appended to the
+    log prefix. This could cause mysterious "log-prefix truncated"
+    messages. 
+
+4)  When nested zones were defined in the /etc/shorewall/zones file,
+    shell error messages ( usually '<zone>: not found' ) during
+    compilation resulted.
+
+5)  Use of CONTINUE policies lead to startup errors with a message
+    such as the following:
+
+       Applying Policies...
+       iptables v1.3.7: Couldn't load target
+       `CONTINUE':/usr/local/lib/iptables/libipt_CONTINUE.so: cannot open
+       shared object file: No such file or directory
+
+       Try `iptables -h' or 'iptables --help' for more information.
+       
+          ERROR: Command "/sbin/iptables -A net2c148 -j CONTINUE" Failed 
 
 Migration Considerations: