diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt
index 168bbe395..d378ebe2c 100644
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@@ -14,6 +14,8 @@ Changes in 4.1.7
 7) Fix priority mingling in tc filters.
+8) Fix policy parsing.
+
 Changes in 4.1.6
 1) Deprecate IMPLICIT_CONTINUE=Yes
diff --git a/Shorewall-common/lib.cli b/Shorewall-common/lib.cli
index e2428d5b0..19db4bfc3 100644
--- a/Shorewall-common/lib.cli
+++ b/Shorewall-common/lib.cli
@@ -609,7 +609,7 @@ show_command() {
 if [ $# -gt 0 ]; then
 [ -n "$table_given" ] || for chain in $*; do
 if ! qt $IPTABLES -t $table -L $chain $IPT_OPTIONS; then
- echo "usage $(basename $0) show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [ [ ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones} ] " >&2
+ echo "usage $(basename $0) show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [ [ ... ]|actions|capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|routing|tc|zones} ] " >&2
 exit 1
 fi
 done
diff --git a/Shorewall-common/macro.Rfc1918 b/Shorewall-common/macro.Rfc1918
new file mode 100644
index 000000000..85cd2a332
--- /dev/null
+++ b/Shorewall-common/macro.Rfc1918
@@ -0,0 +1,10 @@
+#
+# Shorewall version 4 - Rfc1918 Macro
+#
+# /usr/share/shorewall/macro.Rfc1918
+#
+# This macro handles traffic with SOURCE or DEST reserved by RFC 1918.
+#
+###############################################################################
+PARAM SOURCE DEST:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+PARAM SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 DEST
diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt
index 716d584f9..691944735 100644
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@@ -89,6 +89,9 @@ Problems corrected in Shorewall-perl 4.1.7.
 /sbin/shorewall: line 723: 755 Terminated $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
+4) A POLICY of ":" in /etc/shorewall/policy would produce Perl
+ run-time errors.
+
 New Features in 4.1.7.
 1) If an interface fails when using balanced multi-ISP routing, the
diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl/Shorewall/Policy.pm
index 8c384f12b..6aa27ed49 100644
--- a/Shorewall-perl/Shorewall/Policy.pm
+++ b/Shorewall-perl/Shorewall/Policy.pm
@@ -211,7 +211,7 @@ sub validate_policy()
 while ( read_a_line ) {
- my ( $client, $server, $policy, $loglevel, $synparams ) = split_line 3, 5, 'policy file';
+ my ( $client, $server, $originalpolicy, $loglevel, $synparams ) = split_line 3, 5, 'policy file';
 $loglevel = '' if $loglevel eq '-';
 $synparams = '' if $synparams eq '-';
@@ -224,9 +224,7 @@ sub validate_policy()
 fatal_error "Undefined zone $server" unless $serverwild || defined_zone( $server );
- my $originalpolicy = $policy;
-
- ( $policy , my ( $default, $remainder ) ) = split( /:/, $policy, 3 );
+ my ( $policy, $default, $remainder ) = split( /:/, $originalpolicy, 3 );
 fatal_error "Invalid or missing POLICY ($originalpolicy)" unless $policy;
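Review bot: The `unless $policy` test after the new split in the second Policy.pm hunk only rejects an empty first field. A POLICY such as `DROP:` still yields an empty-string `$default`, because split with a positive limit keeps trailing empty fields; how `$default` and `$remainder` are validated lies below this hunk and is not visible here. If nothing further down rejects that case, a fail-closed check would be `fatal_error "Invalid POLICY ($originalpolicy)" if defined $default && $default eq '';`. A one-line comment above the split, e.g. `# POLICY column is split on ':'; limit 3 so anything after a second ':' is captured in $remainder`, would record why the limit is there. validate_policy's body starts and ends outside the hunk.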