Fix dropInvalid

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6005 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/changelog.txt

@@ -10,6 +10,10 @@ Changes in 3.9.3
 
 5)  Make a number of interface options binary.
 
+6)  Add wildcard edits in interface processing.
+
+7)  Fix dropInvalid.
+
 Changes in 3.9.2
 
 1)  Implement '-C {shell|perl}'.

Shorewall-common/releasenotes.txt

@@ -37,6 +37,9 @@ Problems corrected in Shorewall 3.9.3
    - All addresses
    - Routed networks
 
+5) The 'dropInvalid' now correctly generates a DROP rule rather than a
+   REJECT rule.
+
 Other changes in Shorewall 3.9.3
 
 1)  An 'optional' option has been added to
@@ -70,6 +73,9 @@ Other changes in Shorewall 3.9.3
     interfaces for which the option is specified and will set the
     option to the given value.
 
+    A fatal compilation error is also generated if you specify one of
+    these options with a wildcard interface (one ending with '+').
+
 Migration Considerations:
 
 1)  You cannot simply upgrade your existing Shorewall package. You must

Shorewall-perl/Shorewall/Actions.pm

@@ -526,7 +526,7 @@ sub process_actions3 () {
 	my ($chainref, $level, $tag) = @_;
 
 	log_rule_limit $level, $chainref, 'dropInvalid' , 'DROP', '', $tag, 'add', '-m state --state INVALID ' if $level;
-	add_rule $chainref , '-m state --state INVALID -j REJECT';
+	add_rule $chainref , '-m state --state INVALID -j DROP';
     }
 
     sub allowInvalid ( $$$ ) {