From 7fe7ebc89162f318a409ba977e701bd95c831f84 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 25 Feb 2010 08:44:28 -0800 Subject: [PATCH] Fix Handling of NFQUEUE(queue-num) in policies Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 2 +- Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 7b170ecd6..c3c365b48 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -635,7 +635,7 @@ sub add_jump( $$$;$$$ ) { # # Ensure that we have the chain unless it is a builtin like 'ACCEPT' # - $toref = ensure_chain( $fromref->{table} , $to ) unless $builtin_target{ $to }; + $toref = ensure_chain( $fromref->{table} , $to ) unless $builtin_target{$to} || $to =~ / /; #If the target has options, it must be a builtin. } # diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 78c3ec44c..7c3901087 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -10,6 +10,8 @@ Changes in Shorewall 4.4.8 5) Fix Debian init script exit status +6) Fix NFQUEUE(queue-num) in policy + Changes in Shorewall 4.4.7 1) Backport optimization changes from 4.5. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 639860daa..eb23eb15b 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -243,6 +243,10 @@ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E init script would still return a success (zero) exit status. It now returns a failure status (1) when the command fails. +9) Previously, if a queue number was specified in an NFQUEUE policy + (e.g., NFQUEUE(0)), invalid iptables-restore input would be + generated. + ---------------------------------------------------------------------------- I V. K N O W N P R O B L E M S R E M A I N I N G ----------------------------------------------------------------------------