Fix to dynamic rules restoration change

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5424 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/compiler

@@ -5358,10 +5358,14 @@ if [ -f \${VARDIR}/save ]; then
             DROP|reject|logdrop|logreject)
                 case \$rest in
                     \$rangematch*)
-                        run_iptables -A dynamic -m iprange --src-range \${rest#source IP range}
+                        run_iptables -A dynamic -m iprange --src-range \${rest#source IP range} -j \$target
                         ;;
                     *)
-                        run_iptables -A dynamic -s \$address -j \$target
+                        if [ -z "\$rest" ]; then
+                            run_iptables -A dynamic -s \$address -j \$target
+                        else
+                            error_message "WARNING: Unable to restore dynamic rule \"\$target \$ignore1 \$ignore2 \$address \$ignore3 \$rest\""
+                        fi
                         ;;
                 esac
                 ;;

Shorewall/lib.cli

@@ -842,7 +842,7 @@ make_verbose() {
 #
 # Executor for drop,reject,... commands
 #
-block() # $1 = command, $2 = Finished, $3 = Original Command $4 - $n addresses
+block() # $1 = command, $2 = Finished, $3 - $n addresses
 {
     local chain=$1 finished=$2
 

Shorewall/releasenotes.txt

@@ -32,6 +32,11 @@ Problems Corrected in 3.4.0 Final
 
 1)  The route_rules file was being ignored. This has been corrected.
 
+2)  If an IP range was specified in a 'drop' or 'reject' (including the
+    logging forms) and a 'shorewall save' was performed, then the next
+    time that Shorewall was restarted, new connections from outside the
+    firewall were totally blocked.
+
 Other Changes in 3.4.0 Final
 
 1)  A warning is now issued when 'loose' and 'balance' are specified together