diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index af6d403a0..51a83f7e5 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -52,4 +52,6 @@ Changes since 2.0.1
 25) Added 'initialized' extension script.
-26) Renamed 'initialized' to 'initdone'
\ No newline at end of file
+26) Renamed 'initialized' to 'initdone'
+
+27) Applied Stijn Jonker's fix for "shorewall add"
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index bac14815f..f8d7c25db 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -5616,7 +5616,7 @@ add_to_zone() # $1 = [:] $2 = zone
 chain=${zone}_dnat
 if nat_chain_exists $chain; then
- do_iptables -t nat -A $(dynamic_in) -s $host -j $chain
+ do_iptables -t nat -A $(dynamic_in $interface) -s $host -j $chain
 fi
 #
 # Insert new rules into the filter table for the passed interface
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index 194626e5b..5b55d4f85 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -24,6 +24,10 @@ Problems Corrected since 2.0.2 Beta 2
 1) A missing '#' in the rules file caused errors when processing the file.
+2) "shorewall add" returns an error if there are DNAT rules whose
+ source zone is the zone being added to. Thanks to Stijn Jonker for
+ providing this correction.
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1:
@@ -223,4 +227,4 @@ New Features:
 at the same point as the 'common' script was previously and is useful for users who mis-used that script under Shorewall 1.x (the script was intended for adding rules to the 'common' chain but many users treated it as a script
- for adding rules before Shorewall's).
\ No newline at end of file
+ for adding rules before Shorewall's).
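Review bot: In the Shorewall2/firewall hunk, the new `$(dynamic_in $interface)` expands `$interface` unquoted, and nothing visible in the hunk checks that it is non-empty. An empty value would silently collapse back into the argument-less `$(dynamic_in)` call that this commit is correcting. I would write the rule as `do_iptables -t nat -A $(dynamic_in "$interface") -s $host -j $chain` and reject an empty interface before reaching it. add_to_zone starts and ends outside the hunk, so that validation may already exist earlier in the function. It is also worth confirming that the code path which removes a host from a zone passes the interface to dynamic_in in the same way, because a failed delete there would presumably leave the DNAT jump for the removed host in place.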