From 979f4c9a22cfcbaaab77019dec49a2b9ce961398 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Mon, 9 May 2005 20:13:34 +0000
Subject: [PATCH] More ipset tweaks

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2100 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/firewall         | 24 ++++++++++++++++--------
 Shorewall2/releasenotes.txt |  2 +-
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 900ac4094..9ca13fa5b 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -559,7 +559,7 @@ iprange_echo()
 #
 get_set_flags() # $1 = set name and optional [levels], $2 = src or dst
 {
-    local temp setname options=$2
+    local temp setname=$1 options=$2
 
     case $1 in
 	*\[[1-6]\])
@@ -570,18 +570,17 @@ get_set_flags() # $1 = set name and optional [levels], $2 = src or dst
 	       options="$options,$2"
 	       temp=$(($temp - 1))
 	    done	
-	    echo "--set ${setname#+} $options"
 	    ;;
 	*\[*\])
-            temp=${1#*\[}
-	    temp=${temp%\]}
+	    options=${1#*\[}
+	    options=${options%\]}
 	    setname=${1%\[*}
-	    echo "--set ${setname#+} $temp"
 	    ;;
 	*)
-	    echo "--set ${1#+} $2"
 	    ;;
     esac
+    
+    echo "--set ${setname#+} $options"
 }	               
 
 #
@@ -1072,7 +1071,10 @@ validate_hosts_file() {
 			   startup_error "Bridged interfaces may not be defined in /etc/shorewall/interfaces: $host"
 		       check_bridge_port ${host%%:*}
 		       ;;
-		   *.*.*.*|+*)
+		   *.*.*.*)
+		       ;;
+		   +*)
+		       eval ${z}_is_complex=Yes		       
 		       ;;
 		   *)
 		       known_interface $host && \
@@ -1080,6 +1082,12 @@ validate_hosts_file() {
 		       check_bridge_port $host
 		       ;;
 	       esac
+	   else
+	       case $host in
+		   +*)
+		       eval ${z}_is_complex=Yes		       
+		       ;;
+	       esac
 	   fi
 
 	   for option in $(separate_list $options) ; do
@@ -6798,7 +6806,7 @@ activate_rules()
 	    fi
 
 	    case $networks in
-		*.*.*.*)
+		*.*.*.*|+*)
 		    if [ "$networks" != 0.0.0.0/0 ]; then
 			if ! list_search $interface $need_broadcast ; then
 			    interface_has_option $interface detectnets && need_broadcast="$need_broadcast $interface"
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index 922d6d188..cbfd8f277 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -44,7 +44,7 @@ New Features in version 2.3.0
 
 	Example: "+Mirrors"
 
-   The name of the set may optionally followed by: 
+   The name of the set may be optionally followed by: 
    
    a) a number from 1 to 6 enclosed in square brackets ([]) -- this
    number indicates the maximum number of ipset binding levels that