From 8e187747095d23ebe305fbcaf8042041d8029744 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Sat, 27 May 2006 15:04:41 +0000
Subject: [PATCH] Do correct fix for mac exclusion

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3947 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/compiler  | 22 +++++++---------------
 Shorewall/functions |  6 +-----
 2 files changed, 8 insertions(+), 20 deletions(-)

diff --git a/Shorewall/compiler b/Shorewall/compiler
index c11902d30..3d8d4c701 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -3351,7 +3351,7 @@ add_an_action()
     *.*.*|+*|!+*)
 	cli="$(source_ip_range $client)"
 	;;
-    ~*)
+    ~*|!~*)
 	cli=$(mac_match $client)
 	;;
     *)
@@ -3373,7 +3373,7 @@ add_an_action()
     *.*.*|+*|!+*)
 	serv=$server
 	;;
-    ~*)
+    ~*|!~*)
 	fatal_error "Rule \"$rule\" - Destination may not be specified by MAC Address"
 	;;
     *)
@@ -3590,10 +3590,6 @@ process_action() # $1 = chain    (Chain to add the rules to)
 	*!*!*)
 	    fatal_error "Invalid SOURCE in rule \"$rule\""
 	    ;;
-	!~*)
-	    excludesource=${clients#!}
-	    clients=
-	    ;;
 	!*)
 	    if [ $(list_count $clients) -gt 1 ]; then
 		excludesource=${clients#!}
@@ -3976,7 +3972,7 @@ merge_macro_source_dest() # $1 = source/dest from macro body, $2 = source/dest f
 	-)
 	    echo ${1}
 	    ;;
-	*.*.*|+*|~*)
+	*.*.*|+*|~*|!~*)
 	    #
 	    # Value in the invocation is an address -- put it behind the value from the macro
 	    #
@@ -4788,7 +4784,7 @@ process_rule() # $1 = target
 	    *.*.*|+*)
 		cli="$(source_ip_range $client)"
 		;;
-	    ~*)
+	    ~*|!~*)
 		cli=$(mac_match $client)
 		;;
 	    *)
@@ -4810,7 +4806,7 @@ process_rule() # $1 = target
 	    *.*.*|+*)
 		serv=$server
 		;;
-	    ~*)
+	    ~*|!~*)
 		fatal_error "Rule \"$rule\" - Destination may not be specified by MAC Address"
 		;;
 	    *)
@@ -5188,10 +5184,6 @@ __EOF__
 	*!*!*)
 	    fatal_error "Invalid SOURCE in rule \"$rule\""
 	    ;;
-	!~*)
-	    excludesource=${clients#!}
-	    clients=
-	    ;;
 	!*)
 	    if [ $(list_count $clients) -gt 1 ]; then
 		excludesource=${clients#!}
@@ -5750,7 +5742,7 @@ process_tos_rule() {
 	    #
 	    src="$(source_ip_range $src)"
 	    ;;
-	~*)
+	~*|!~*)
 	    src=$(mac_match $src)
 	    ;;
 	*)
@@ -6552,7 +6544,7 @@ process_blacklist_rec() {
 	    -)
 		source=
 		;;
-	    ~*)
+	    ~*|!~*)
 		addr=$(echo $addr | sed 's/~//;s/-/:/g')
 		source="--match mac --mac-source $addr"
 		;;
diff --git a/Shorewall/functions b/Shorewall/functions
index 81257f60d..4a167e912 100644
--- a/Shorewall/functions
+++ b/Shorewall/functions
@@ -1913,7 +1913,7 @@ process_tc_rule()
 		*.*.*|+*|!+*)
 		    r="$(source_ip_range $source) "
 		    ;;
-		~*)
+		~*|!~*)
 		    r="$(mac_match $source) "
 		    ;;
 		$FW)
@@ -2133,10 +2133,6 @@ process_tc_rule()
 	*!*!*)
 	    fatal_error "Invalid SOURCE in rule \"$rule\""
 	    ;;
-	!~*)
-	    excludesources=${sources#!}
-	    sources=-
-	    ;;
 	!*)
 	    if [ $(list_count $sources) -gt 1 ]; then
 		excludesources=${sources#!}