Fix SAME/ADD_SNAT_ALIASES bug

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3735 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 16:13:18 +01:00 · 2006-03-25 16:58:08 +00:00 · 2006-03-25 16:58:08 +00:00 · a15f3e25c8
commit a15f3e25c8
parent 3e05dab080
3 changed files with 30 additions and 21 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -4,6 +4,8 @@ Changes in 3.2.0 Beta 3

 2)  Add IMPLICIT_CONTINUE option to shorewall.conf.

+3)  Fix SAME/ADD_SNAT_ALIASES interaction.
+
 Changes in 3.2.0 Beta 2

 1)  Make "shorewall start -f" work correctly.
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@ -6625,27 +6625,6 @@ setup_masq()
 		;;
 	esac

-	[ "x$addresses" = x- ] && addresses=
-
-	if [ -n "$addresses" -a -n "$add_snat_aliases" ]; then
-	    for address in $(separate_list $addresses); do
-		address=${address%:)}
-		if [ -n "$address" ]; then
-		    for addr in $(ip_range_explicit ${address%:*}) ; do
-			if ! list_search $addr $ALIASES_TO_ADD; then
-			    [ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $addr dev $interface
-			    ALIASES_TO_ADD="$ALIASES_TO_ADD $addr $fullinterface"
-			    case $fullinterface in
-				*:*)
-				    fullinterface=${fullinterface%:*}:$((${fullinterface#*:} + 1 ))
-				    ;;
-			    esac
-			fi
-		    done
-		fi
-	    done
-	fi
-
 	[ "x$proto" = x- ] && proto=
 	[ "x$ports" = x- ] && ports=

@ -6788,6 +6767,8 @@ __EOF__
 	addrlist=
 	target=MASQUERADE

+	[ "x$addresses" = x- ] && addresses=
+
 	if [ -n "$addresses" ]; then
 	    case "$addresses" in
 		SAME:nodst:*)
@ -6818,6 +6799,27 @@ __EOF__
 		    done
 		    ;;
 	    esac
+
+	    if [ -n"$add_snat_aliases" ]; then
+		for address in $(separate_list $addresses); do
+		    address=${address%:)}
+		    if [ -n "$address" ]; then
+			for addr in $(ip_range_explicit ${address%:*}) ; do
+			    if ! list_search $addr $ALIASES_TO_ADD; then
+				[ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $addr dev $interface
+				ALIASES_TO_ADD="$ALIASES_TO_ADD $addr $fullinterface"
+				case $fullinterface in
+				    *:*)
+					fullinterface=${fullinterface%:*}:$((${fullinterface#*:} + 1 ))
+					;;
+				esac
+			    fi
+			done
+		    fi
+		done
+	    fi
+
+
 	fi

 	if [ -n "$networks" ]; then
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -36,6 +36,11 @@ Problems Corrected in 3.2.0 Beta 3
    in the RPM .spec file. This prevented updated versions of the file
    from being installed properly.

+3)  If you use SAME or SAME:nodst in the ADDRESS column of /etc/shorewall/masq
+    and if you set ADD_SNAT_ALIASES=Yes in shorewall.conf, then "shorewall
+    start" will fail with the error 'Error: an inet prefix is expected rather
+    than "SAME".'.
+
 Other changes in 3.2.0 Beta 2

 2)  A new IMPLICIT_CONTINUE option has been added to shorewall.conf. When