diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index d7e1e423e..3fc87666d 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -10,6 +10,8 @@ Changes in 3.0.4 5) Fix bug in NONE intra-zone policy handling. +6) Fix bug in RETAIN_ALIASES=Yes. + Changes in 3.0.3 1) Implement "shorewall show macros" diff --git a/Shorewall/firewall b/Shorewall/firewall index c673b44ec..11d271a55 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -3021,7 +3021,8 @@ setup_nat() { do_one_nat() { local add_ip_aliases=$ADD_IP_ALIASES iface=${interface%:*} - if [ -n "$add_ip_aliases" ]; then + if [ -n "$ + _aliases" ]; then case $interface in *:) interface=${interface%:} @@ -7581,7 +7582,11 @@ add_ip_aliases() shift;shift - list_search $external $(find_interface_addresses $interface) || do_one + if list_search $external $(find_interface_addresses $interface) ; then + save_command qt ip addr add ${external}$(address_details) dev $interface $label + else + do_one + fi done } diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 4798eede3..0fa414876 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -60,6 +60,16 @@ Problems Corrected in 3.0.4 3) Previously, an intra-zone policy of NONE would cause a startup error. That problem has been corrected. +4) When RETAIN_ALIASES=Yes, the script produced by "shorewall save" did not + add the retained aliases. This means that the following sequence of + events resulted in missing aliases: + + shorewall start + shorewall restart + shorewall save + reboot + shorewall -f start (which is the default during boot up) + New Features in 3.0.4 1) By popular demand, the 'Limit' action described at