Apply 4.0.4-pre fixes to trunk

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7384 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-perl/Shorewall/Chains.pm

@@ -966,9 +966,13 @@ sub mac_match( $ ) {
 sub verify_mark( $ ) {
     my $mark  = $_[0];
     my $limit = $config{HIGH_ROUTE_MARKS} ? 0xFFFF : 0xFF;
+    my $value = numeric_value( $mark );
 
     fatal_error "Invalid Mark or Mask value ($mark)"
-	unless numeric_value( $mark ) <= $limit;
+	unless $value <= $limit;
+
+    fatal_error "Invalid High Mark or Mask value ($mark)"
+	if ( $value > 0xFF && $value & 0xFF );
 }
 
 sub verify_small_mark( $ ) {

Shorewall-perl/Shorewall/Config.pm

@@ -863,7 +863,7 @@ sub read_a_line() {
 	    #
 	    # Ignore ( concatenated ) Blank Lines
 	    #
-	    $currentline = '', next if $currentline =~ /^\s*$/;
+	    $currentline = '', $currentlinenumber = 0, next if $currentline =~ /^\s*$/;
 
 	    #
 	    # Expand Shell Variables using %ENV

Shorewall-perl/Shorewall/Proc.pm

@@ -96,7 +96,6 @@ sub setup_route_filtering() {
 
 	save_progress_message "Setting up Route Filtering...";
 
-
 	if ( $config{ROUTE_FILTER} ) {
 	    my $val = $config{ROUTE_FILTER} eq 'on' ? 1 : 0;
 
@@ -115,7 +114,9 @@ sub setup_route_filtering() {
 		   "    error_message \"WARNING: Cannot set route filtering on $interface\"" ) unless interface_is_optional( $interface);
 	    emit   "fi\n";
 	}
-
+	#
+	# According to Documentation/networking/ip-sysctl.txt, this must be turned on to do any filtering
+	#
 	emit 'echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter';
 
 	emit "[ -n \"\$NOROUTES\" ] || ip route flush cache";

Shorewall-perl/Shorewall/Providers.pm

@@ -347,9 +347,9 @@ sub add_an_rtrule( $$$$ ) {
 	validate_net ( $source, 0 );
 	$source = "iif $interface from $source";
     } elsif ( $source =~ /\..*\..*/ ) {
+	validate_net ( $source, 0 );
 	$source = "from $source";
     } else {
-	validate_net ( $source, 0 );
 	$source = "iif $source";
     }