Document full logical interface implementation

Shorewall/Perl/Shorewall/Config.pm

@@ -440,7 +440,6 @@ sub initialize( $ ) {
 	      AUTOMAKE => undef ,
 	      WIDE_TC_MARKS => undef,
 	      TRACK_PROVIDERS => undef,
-	      LOGICAL_NAMES => undef,
 	      ZONE2ZONE => undef,
 	      #
 	      # Packet Disposition
@@ -549,7 +548,6 @@ sub initialize( $ ) {
 	      AUTOMAKE => undef ,
 	      WIDE_TC_MARKS => undef,
 	      TRACK_PROVIDERS => undef,
-	      LOGICAL_NAMES => undef,
 	      ZONE2ZONE => undef,
 	      #
 	      # Packet Disposition
@@ -2411,7 +2409,6 @@ sub get_configuration( $ ) {
     default_yes_no 'AUTOMAKE'                   , '';
     default_yes_no 'WIDE_TC_MARKS'              , '';
     default_yes_no 'TRACK_PROVIDERS'            , '';
-    default_yes_no 'LOGICAL_NAMES'              , '';
 
     my $val;
 

Shorewall/Perl/Shorewall/Zones.pm

@@ -898,12 +898,8 @@ sub process_interface( $ ) {
 		if ( $option eq 'physical' ) {
 		    fatal_error "Invalid Physical interface name ($value)" unless $value =~ /^[\w.@%-]+\+?$/;
 
-		    unless ( $port ) {
+		    fatal_error "Duplicate physical interface name ($value)" if ( $physical{$value} && ! $port );
-			fatal_error "The 'physical' option is only allowed on bridge ports" unless  $config{LOGICAL_NAMES};
-			fatal_error "Duplicate physical interface name ($value)" if $physical{$value};
-		    }
 
-		    $physical{$value} = 1;
 		    fatal_error "The type of 'physical' name ($value) doesn't match the type of interface name ($interface)" if $wildcard && ! $value =~ /\+$/;
 		    $physical = $value;
 		} else {
@@ -931,16 +927,16 @@ sub process_interface( $ ) {
 
     }
 
-    $interfaces{$interface} = { name       => $interface ,
+    $physical{$physical} = $interfaces{$interface} = { name       => $interface ,
-				bridge     => $bridge ,
+						       bridge     => $bridge ,
-				nets       => 0 ,
+						       nets       => 0 ,
-				number     => $nextinum ,
+						       number     => $nextinum ,
-				root       => $root ,
+						       root       => $root ,
-				broadcasts => $broadcasts ,
+						       broadcasts => $broadcasts ,
-				options    => \%options ,
+						       options    => \%options ,
-			        zone       => '',
+						       zone       => '',
-				physical   => $physical
+						       physical   => $physical
-			      };
+						     };
 
     if ( $zone ) {
 	$netsref ||= [ allip ];

Shorewall/releasenotes.txt

@@ -252,6 +252,15 @@ None.
     is, if the logical name ends in '+' then the physical name must
     also end in '+'.
 
+    This feature is not restricted to bridge ports. Beginning with this
+    release, the interface name in the INTERFACE column can be
+    considered a logical name for the interface where the actual
+    interface name is specified using the 'physical' option. If no
+    'physical' option is present, then the physical name is assumed to
+    be the same as the logical name. As before, the logical interface
+    name is used throughout the rest of the configuration to refer to
+    the interface.
+
 4)  Previously, Shorewall has used the character '2' to form the name
     of chains involving zones and/or the word 'all' (e.g., fw2net,
     all2all). When zones names are given numeric suffixes, these

manpages/shorewall-interfaces.xml

@@ -63,10 +63,12 @@ loc     eth2            -</programlisting>
         role="bold">]</emphasis></term>
 
         <listitem>
-          <para>Name of interface. Each interface may be listed only once in
+          <para>Logical name of interface. Each interface may be listed only
-          this file. You may NOT specify the name of a "virtual" interface
+          once in this file. You may NOT specify the name of a "virtual"
-          (e.g., eth0:0) here; see <ulink
+          interface (e.g., eth0:0) here; see <ulink
-          url="http://www.shorewall.net/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink></para>
+          url="http://www.shorewall.net/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink>.
+          If the <option>physical</option> option is not specified, then the
+          logical name is also the name of the actual interface.</para>
 
           <para>You may use wildcards here by specifying a prefix followed by
           the plus sign ("+"). For example, if you want to make an entry that
@@ -440,13 +442,11 @@ loc     eth2            -</programlisting>
               role="bold"><emphasis>name</emphasis></emphasis></term>
 
               <listitem>
-                <para>Added in Shorewall 4.4.4. This option may only be used
+                <para>Added in Shorewall 4.4.4. When specified, the interface
-                when defining a bridge port (:<emphasis>port</emphasis>
+                or port name in the INTERFACE column is a logical name that
-                appeared in the INTERFACE column). When specified, the port
+                refers to the name given in this option. It is useful when you
-                name in the INTERFACE column is a logical name that refers to
+                want to specify the same wildcard port name on two or more
-                the name given in this option. It is useful when you want to
+                bridges. See <ulink
-                specify the same wildcard port name on two or more bridges.
-                See <ulink
                 url="http://www.shorewall.net/bridge-Shorewall-perl.html#Multiple">http://www.shorewall.net/bridge-Shorewall-perl.html#Multiple</ulink>.</para>
 
                 <para>If the <emphasis>interface</emphasis> name is a wildcard

manpages6/shorewall6-interfaces.xml

@@ -63,10 +63,12 @@ loc     eth2            -</programlisting>
         role="bold">]</emphasis></term>
 
         <listitem>
-          <para>Name of interface. Each interface may be listed only once in
+          <para>Logical name of interface. Each interface may be listed only
-          this file. You may NOT specify the name of a "virtual" interface
+          once in this file. You may NOT specify the name of a "virtual"
-          (e.g., eth0:0) here; see <ulink
+          interface (e.g., eth0:0) here; see <ulink
-          url="http://www.shorewall.net/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink></para>
+          url="http://www.shorewall.net/FAQ.htm#faq18">http://www.shorewall.net/FAQ.htm#faq18</ulink>.
+          If the <option>physical</option> option is not specified, then the
+          logical name is also the name of the actual interface.</para>
 
           <para>You may use wildcards here by specifying a prefix followed by
           the plus sign ("+"). For example, if you want to make an entry that
@@ -180,12 +182,11 @@ loc     eth2            -</programlisting>
               role="bold"><emphasis>name</emphasis></emphasis></term>
 
               <listitem>
-                <para>Added in Shorewall 4.4.4. This option may only be used
+                <para>Added in Shorewall 4.4.4. When specified, the interface
-                when defining a bridge port (:port appeared in the INTERFACE
+                or port name in the INTERFACE column is a logical name that
-                column). When specified, the port name in the INTERFACE column
+                refers to the name given in this option. It is useful when you
-                is a logical name that refers to the name given in this
+                want to specify the same wildcard port name on two or more
-                option. It is useful when you want to specify the same
+                bridges. See <ulink
-                wildcard port name on two or more bridges. See <ulink
                 url="http://www.shorewall.net/bridge-Shorewall-perl.html#Multiple">http://www.shorewall.net/bridge-Shorewall-perl.html#Multiple</ulink>.</para>
 
                 <para>If the <emphasis>interface</emphasis> name is a wildcard