Apply Jesse Shrieve's SNAT patch

Shorewall/Perl/Shorewall/Nat.pm

@@ -239,7 +239,11 @@ sub process_one_masq( )
 			if ( $addr =~ /^.*\..*\..*\./ ) {
 			    $target = '-j SNAT ';
 			    my ($ipaddr, $rest) = split ':', $addr;
-			    validate_address $ipaddr, 0;
+			    if ( $addr =~ /^(.+)-(.+)$/ ) {
+				validate_range( $1, $2 );
+			    } else {
+				validate_address $ipaddr, 0;
+			    }
 			    $addrlist .= "--to-source $addr ";
 			    $exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/;
 			} else {

Shorewall/changelog.txt

@@ -18,6 +18,8 @@ Changes in Shorewall 4.4.2
 
 8)  Don't look for an extension script for built-in actions.
 
+9)  Apply Jesse Shrieve's patch for SNAT range.
+
 Changes in Shorewall 4.4.1
 
 1)  Deleted extra 'use ...IPAddrs.pm' from Nat.pm.

Shorewall/releasenotes.txt

@@ -207,6 +207,10 @@ Shorewall 4.4.2
     d)  RFC1918_STRICT=Yes no loger produces a fatal error -- it is now
         a warning.
 
+6)  Previously, it was not possible to specify an IP address range in
+    ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee Shrieve
+    for the patch.
+
 ----------------------------------------------------------------------------
              K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------