Fix yet another <zone>_frwd problem

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1213 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -8,4 +8,6 @@ Changes since 2.0.0
 
 4) Add 'nobogons'
 
-4) Add 'netmap'
+5) Add 'netmap'
+
+6) Fix another <zone>_frwd problem.

Shorewall2/firewall

@@ -5026,6 +5026,13 @@ activate_rules()
 
 	    if [ $zone = $zone1 ]; then
 		eval routeback=\"\$${zone}_routeback\"
+		eval interfaces=\"${zone}_interfaces\"
+
+		num_ifaces=$(list_count1 $interfaces)
+
+		if [ $num_ifaces -lt 2 -a -z "$routeback" ] ; then
+		    continue
+		fi
 	    else
 		routeback=
 	    fi
@@ -5034,12 +5041,9 @@ activate_rules()
 		for host1 in $dest_hosts; do
 		    interface1=${host1%%:*}
 		    subnet1=${host1#*:}
-		    if [ $(list_count1 $source_hosts) -eq 1 -a "$source_hosts" = "$host1" ]; then
+
-			if list_search $host1 $routeback; then
+		    if [ $zone != $zone1 -o $num_ifaces -gt 1 ] || list_search $host1 $routeback ; then
-			    run_iptables -A $frwd_chain -o $interface1 $(match_dest_hosts $subnet1) -j $chain
+			run_iptables -A $frwd_chain -o $interface1 $(match_dest_hosts $subnet1) -j $chain			
-			fi
-		    else
-			run_iptables -A $frwd_chain -o $interface1 $(match_dest_hosts $subnet1) -j $chain
 		    fi
 		done
 	    else

Shorewall2/releasenotes.txt

@@ -6,6 +6,10 @@ Problems Corrected since 2.0.0
 1) Using actions in the manner recommended in the documentation
    results in a Warning that the rule is a policy.
 
+2) When a zone on a single interface is defined using
+   /etc/shorewall/hosts, superfluous rules are generated in the
+   <zone>_frwd chain.
+
 Problems Corrected since 2.0.1 Beta 1
 
 1) The BOGON_LOG_LEVEL variable is now included in shorewall.conf. It