diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt index e6fffdcec..2d2fc6db4 100644 --- a/Shorewall2/changelog.txt +++ b/Shorewall2/changelog.txt @@ -106,3 +106,5 @@ Changes since 2.0.3 50) Add a clarification and fix a typo in the blacklist file. 51) Allow setting a specify MSS value. + +52) Detect duplicate zone names. diff --git a/Shorewall2/firewall b/Shorewall2/firewall index 36bef0c20..3465a03d6 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -765,6 +765,17 @@ find_hosts() # $1 = host zone done < $TMP_DIR/hosts } +# +# Check for duplicate zone definitions +# +check_duplicate_zones() { + local localzones= + + for zone in $zones; do + list_search $zone $localzones && startup_error "Zone $zone is defined more than once" + localzones="$localzones $zone" + done +} # # Determine the interfaces on the firewall # @@ -2631,6 +2642,7 @@ check_config() { echo "Determining Zones..." determine_zones + check_dupliate_zones [ -z "$zones" ] && startup_error "ERROR: No Zones Defined" @@ -5387,6 +5399,7 @@ initialize_netfilter () { echo "Determining Zones..." determine_zones + check_duplicate_zones [ -z "$zones" ] && startup_error "No Zones Defined" @@ -6112,7 +6125,7 @@ activate_rules() # Create forwarding chains for complex zones and generate jumps for IPSEC source hosts to that chain. # for zone in $zones; do - if eval test -n \$${zone}_is_complex ; then + if eval test -n \"\$${zone}_is_complex\" ; then frwd_chain=${zone}_frwd createchain $frwd_chain No diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index c122e12df..2d0cb02a6 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -1,4 +1,4 @@ -Shorewall 2.1.11 +Shorewall 2.1.12 ---------------------------------------------------------------------- Problems Corrected since 2.0.3 
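Review bot: In the new `check_duplicate_zones` (Shorewall2/firewall, hunk at -765), the loop variable `zone` is not declared local although `localzones` is, so the function leaves the last zone name in the caller's `zone` when it returns. Whether any caller relies on `zone` across this call is not visible here, but `activate_rules` uses the same name for its own loop, so declaring it is the safe choice: `local localzones= zone`. The function also depends on `startup_error` not returning; a one-line comment saying so would help, for example `# startup_error terminates the script, so the first duplicate found is the only one reported`.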
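Review bot: The call added to `check_config` (hunk at -2631) is spelled `check_dupliate_zones`, but the function this commit defines is `check_duplicate_zones`. As written, `shorewall check` would hit an unknown command at this point and never run the duplicate-zone test, although the release notes in this same commit promise the error for "shorewall check". The line should read `check_duplicate_zones`, matching the call added to `initialize_netfilter`. The body of `check_config` continues outside the hunk.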
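Review bot: The quoting change in `activate_rules` (hunk at -6112) alters which chains get built, but neither changelog.txt nor releasenotes.txt mentions it. With the old unquoted form, an unset `${zone}_is_complex` left `test -n` with no operand, which evaluates true, so every zone appears to have been treated as complex and given a `_frwd` chain. After the change, only zones with the variable set take that branch. An entry under "Problems corrected since 2.1.11" would tell users why their generated ruleset differs after upgrading. A comment above the test would also help, for example `# quote the expansion: a bare "test -n" with no operand is true`.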
@@ -83,6 +83,12 @@ Problems corrected since 2.1.10 4) A typo has been corrected in and a clarification added to the /etc/shorewall/blacklist file. +Problems corrected since 2.1.11 + +1) If a zone name appears more than once in /etc/shorewall/zones, + Shorewall will now issue an error message and terminate during + "shorewall [re]start" or "shorewall check". + ----------------------------------------------------------------------- Issues when migrating from Shorewall 2.0 to Shorewall 2.1: