From a95025686d46799e7990fc29732308653f60cf23 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Sun, 25 Jul 2004 23:26:52 +0000
Subject: [PATCH] Fix multiple blacklist interface bug

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1498 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/action.template |  4 ++++
 Shorewall2/changelog.txt   |  4 +++-
 Shorewall2/firewall        |  2 +-
 Shorewall2/rules           | 14 ++++++++++++++
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/Shorewall2/action.template b/Shorewall2/action.template
index 79b94ecb3..fcc948d00 100644
--- a/Shorewall2/action.template
+++ b/Shorewall2/action.template
@@ -37,6 +37,10 @@
 #			ACCEPT:debugging). This causes the packet to be
 #			logged at the specified level.
 #
+#			The special log level 'none' does not result in logging
+#			but rather exempts the rule from being overridden by a
+#			non-forcing log level when the action is invoked.
+#
 #			You may also specify ULOG (must be in upper case) as a
 #			log level.This will log to the ULOG target for routing
 #			to a separate log through use of ulogd
diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index bb3831291..7fbc27db8 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -33,4 +33,6 @@ Changes since 2.0.3
 
 10) Port "shorewall status" changes from 2.0.7.
 
-11) All config files are now empty.
\ No newline at end of file
+11) All config files are now empty.
+
+12) Port blacklisting fix from 2.0.7
\ No newline at end of file
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 10d1e5b55..042f9671d 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -4594,7 +4594,7 @@ process_blacklist_rec() {
 # Setup the Black List
 #
 setup_blacklist() {
-    local hosts=$(find_hosts_by_option blacklist)
+    local hosts="$(find_hosts_by_option blacklist)"
     local f=$(find_file blacklist)
     local disposition=$BLACKLIST_DISPOSITION
 
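Review bot: The two declarations after the fixed line in setup_blacklist(), `local f=$(find_file blacklist)` and `local disposition=$BLACKLIST_DISPOSITION`, are still unquoted, so in a shell where `local` word-splits its arguments they can break the same way the `hosts` line did. Whether the blacklist path or BLACKLIST_DISPOSITION can contain whitespace is not visible here, but quoting is free: `local f="$(find_file blacklist)"` and `local disposition="$BLACKLIST_DISPOSITION"`. Separately, `local var=$(cmd)` discards the command's exit status, so a failing find_hosts_by_option or find_file would go unnoticed and the blacklist could be installed incomplete without any error. Declaring first and then assigning with an explicit check would make that failure visible. The function body continues outside the hunk.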
diff --git a/Shorewall2/rules b/Shorewall2/rules
index 2bee3c0c7..e65fba67f 100755
--- a/Shorewall2/rules
+++ b/Shorewall2/rules
@@ -72,6 +72,20 @@
 #			DNAT:debug). This causes the packet to be
 #			logged at the specified level.
 #
+#			If the ACTION names an action devined in
+#			/etc/shorewall/actions or in
+#			/usr/share/shorewall/actions.std then:
+#
+#			- If the log level is followed by "!' then all rules
+#			  in the action are logged at the log level.
+#
+#			- If the log level is not followed by "!" then only
+#			  those rules in the action that do not specify 
+#			  logging are logged at the specified level.
+#
+#			- The special log level 'none!' suppresses logging
+#			  by the action.
+#
 #			You may also specify ULOG (must be in upper case) as a
 #			log level.This will log to the ULOG target for routing
 #			to a separate log through use of ulogd
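Review bot: The added help text has two typos that make the syntax harder to read. On the first added line "devined" should be "defined", and the first bullet opens the quote with `"` but closes it with `'` (`"!'`), where it should read `"!"` as in the second bullet. The `none!` bullet could also state whether it silences rules inside the action that set their own log level. That looks like the intent of the forcing `!`, but it is not confirmed by anything in this hunk, so check the implementation before wording it. Operators relying on those log entries for auditing would want that spelled out.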