Update for Shorewall 2.0.10

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1720 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Lrp2/etc/shorewall/tcrules

@@ -11,6 +11,11 @@
 #		FOR ENTRIES IN THIS FILE TO HAVE ANY EFFECT, YOU MUST SET
 #		TC_ENABLED=Yes in /etc/shorewall/shorewall.conf
 #
+#		Unlike rules in the /etc/shorewall/rules file, evaluation
+#		of rules in this file will continue after a match. So the 
+#		final mark for each packet will be the one assigned by the
+#		LAST tcrule that matches.
+#
 # Columns are:
 #
 #

Lrp2/usr/share/shorewall/firewall

@@ -293,7 +293,7 @@ ensurechain1() # $1 = chain name
 addrule() # $1 = chain name, remainder of arguments specify the rule
 {
     ensurechain $1
-    run_iptables -A $@
+    run_iptables2 -A $@
 }
 
 #
@@ -1146,18 +1146,19 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = disposition , $4 = rate limi
     local limit="${4:-$LOGLIMIT}"
     local tag=${5:+$5 }
     local prefix
+    local base=$(chain_base $displayChain)
 
     shift;shift;shift;shift;shift
 
     if [ -n "$LOGRULENUMBERS" ]; then
-	eval rulenum=\$${chain}_logrules
+	eval rulenum=\$${base}_logrules
 
-	[ -z "$rulenum" ] && rulenum=1
+	rulenum=${rulenum:-1}
 
 	prefix="$(printf "$LOGFORMAT" $chain $rulenum $disposition)${tag}"
 
 	rulenum=$(($rulenum + 1))
-	eval ${chain}_logrules=$rulenum
+	eval ${base}_logrules=$rulenum
     else
 	prefix="$(printf "$LOGFORMAT" $chain $disposition)${tag}"
     fi
@@ -1509,11 +1510,11 @@ setup_tunnels() # $1 = name of tunnels file
 	progress_message "   PPTP tunnel to $1 defined."
     }
 
-    setup_pptp_server()
+    setup_pptp_server() # $1 = gateway
     {
-	addrule $inchain  -p 47               -j ACCEPT
-	addrule $outchain -p 47               -j ACCEPT
-	addrule $inchain  -p tcp --dport 1723 -j ACCEPT
+	addrule $inchain  -p 47               -s $1 -j ACCEPT
+	addrule $outchain -p 47               -d $1 -j ACCEPT
+	addrule $inchain  -p tcp --dport 1723 -s $1 -j ACCEPT
 
 	progress_message "   PPTP server defined."
     }
@@ -1581,6 +1582,7 @@ setup_tunnels() # $1 = name of tunnels file
 	if validate_zone $z; then
 	    inchain=${z}2${FW}
 	    outchain=${FW}2${z}
+	    gateway=${gateway:-0.0.0.0/0}
 	    case $kind in
 		ipsec|IPSEC|ipsec:*|IPSEC:*)
 		    setup_one_ipsec $gateway $kind $z1
@@ -1601,7 +1603,7 @@ setup_tunnels() # $1 = name of tunnels file
 		    setup_pptp_client $gateway
 		    ;;
 		pptpserver|PPTPSERVER)
-		    setup_pptp_server
+		    setup_pptp_server $gateway
 		    ;;
 		openvpn|OPENVPN|openvpn:*|OPENVPN:*)
 		    setup_one_openvpn $gateway $kind
@@ -4223,7 +4225,7 @@ setup_masq()
 	    ;;
 	*)
 	    networks=$(get_routed_networks $networks)
-	    [ -z "$networks" ] && fatal_error "Unable to determine the routes through interface $networks"
+	    [ -z "$networks" ] && fatal_error "Unable to determine the routes through interface \"$source\""
 	    networks="$networks"
 	    ;;
 	esac

Lrp2/usr/share/shorewall/version

@@ -1 +1 @@
-2.0.9
+2.0.10

STABLE2/shorewall

@@ -1045,7 +1045,7 @@ case "$1" in
 	    else
 		case $RESTOREFILE in
 		    save|restore-base)
-			echo "   ERROR: Reserved file name: save"
+			echo "   ERROR: Reserved file name: $RESTOREFILE"
 			;;
 		    *)
 			if iptables -L dynamic -n > /var/lib/shorewall/save; then
@@ -1096,7 +1096,7 @@ case "$1" in
 	    rm -f $RESTOREPATH
 	    echo "    $RESTOREPATH removed"
 	elif [ -f $RESTOREPATH ]; then
-	    echo "   ERROR: $RESTOREPATH is not a restore script"
+	    echo "   ERROR: $RESTOREPATH exists and is not a saved Shorewall configuration"
 	fi
 	;;
     ipcalc)