From a15f3e25c8ff47a54ae6a90f53c29b3562290e9f Mon Sep 17 00:00:00 2001
From: teastep
Date: Sat, 25 Mar 2006 16:58:08 +0000
Subject: [PATCH] Fix SAME/ADD_SNAT_ALIASES bug
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3735 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/changelog.txt | 2 ++
 Shorewall/compiler | 44 ++++++++++++++++++++------------------
 Shorewall/releasenotes.txt | 5 +++++
 3 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 6341c7f7f..e91cb93ac 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -4,6 +4,8 @@ Changes in 3.2.0 Beta 3
 2) Add IMPLICIT_CONTINUE option to shorewall.conf.
+3) Fix SAME/ADD_SNAT_ALIASES interaction.
+
 Changes in 3.2.0 Beta 2
 1) Make "shorewall start -f" work correctly.
diff --git a/Shorewall/compiler b/Shorewall/compiler
index 05ab0ea76..0ca6e31a4 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -6625,27 +6625,6 @@ setup_masq()
 ;;
 esac
- [ "x$addresses" = x- ] && addresses=
-
- if [ -n "$addresses" -a -n "$add_snat_aliases" ]; then
- for address in $(separate_list $addresses); do
- address=${address%:)}
- if [ -n "$address" ]; then
- for addr in $(ip_range_explicit ${address%:*}) ; do
- if ! list_search $addr $ALIASES_TO_ADD; then
- [ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $addr dev $interface
- ALIASES_TO_ADD="$ALIASES_TO_ADD $addr $fullinterface"
- case $fullinterface in
- *:*)
- fullinterface=${fullinterface%:*}:$((${fullinterface#*:} + 1 ))
- ;;
- esac
- fi
- done
- fi
- done
- fi
-
-
 [ "x$proto" = x- ] && proto=
 [ "x$ports" = x- ] && ports=
@@ -6788,6 +6767,8 @@ __EOF__
 addrlist=
 target=MASQUERADE
+ [ "x$addresses" = x- ] && addresses=
+
 if [ -n "$addresses" ]; then
 case "$addresses" in
 SAME:nodst:*)
@@ -6818,6 +6799,27 @@ __EOF__
 done
 ;;
 esac
+
+ if [ -n"$add_snat_aliases" ]; then
+ for address in $(separate_list $addresses); do
+ address=${address%:)}
+ if [ -n "$address" ]; then
+ for addr in $(ip_range_explicit ${address%:*}) ; do
+ if ! list_search $addr $ALIASES_TO_ADD; then
+ [ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $addr dev $interface
+ ALIASES_TO_ADD="$ALIASES_TO_ADD $addr $fullinterface"
+ case $fullinterface in
+ *:*)
+ fullinterface=${fullinterface%:*}:$((${fullinterface#*:} + 1 ))
+ ;;
+ esac
+ fi
+ done
+ fi
+ done
+ fi
+
+
 fi
 if [ -n "$networks" ]; then
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 15fa9b1b6..a2ab5d129 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -36,6 +36,11 @@ Problems Corrected in 3.2.0 Beta 3
 in the RPM .spec file. This prevented updated versions of the file from being installed properly.
+3) If you use SAME or SAME:nodst in the ADDRESS column of /etc/shorewall/masq
+ and if you set ADD_SNAT_ALIASES=Yes in shorewall.conf, then "shorewall
+ start" will fail with the error 'Error: an inet prefix is expected rather
+ than "SAME".'.
+
 Other changes in 3.2.0 Beta 2
 2) A new IMPLICIT_CONTINUE option has been added to shorewall.conf. When
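Review bot: The guard at the top of the relocated block in the `@@ -6818,6 +6799,27 @@` hunk reads `[ -n"$add_snat_aliases" ]` with no space after `-n`, so `test` receives a single word (`-n` joined to the value) that is never empty, and the condition is true even when ADD_SNAT_ALIASES is off. Every masq entry with a non-empty ADDRESS would then go through the alias handling, including the saved `ip addr del $addr dev $interface`, which alters interface addresses on a gateway whose operator did not enable that option. It should be `if [ -n "$add_snat_aliases" ]; then`, matching the spacing used in `[ -n "$address" ]` a few lines below. The enclosing `if [ -n "$addresses" ]` and its `case` begin outside this hunk, so whether the SAME: prefix has already been removed from `$addresses` when the loop runs cannot be confirmed from the lines shown.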