Allow address lists in /etc/shorewall/hosts entries

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@646 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-21 02:08:48 +02:00 · 2003-07-06 15:31:26 +00:00 · 2003-07-06 15:31:26 +00:00 · c615aa868a
commit c615aa868a
parent ceed25dc1c
3 changed files with 45 additions and 9 deletions
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -494,10 +494,17 @@ first_chains() #$1 = interface
 #
 find_hosts() # $1 = host zone
 {
-    local hosts
+    local hosts interface address addresses

    while read z hosts options; do
-	[ "x`expand $z`" = "x$1" ] && expandv hosts && echo `separate_list $hosts`
+	if [ "x`expand $z`" = "x$1" ]; then
+	    expandv hosts
+	    interface=${hosts%:*}
+	    addresses=${hosts#*:}
+	    for address in `separate_list $addresses`; do 
+		echo $interface:$address
+	    done
+	fi
    done < $TMP_DIR/hosts
 }

@ -635,18 +642,20 @@ validate_hosts_file() {
 	r="$z $hosts $options"
 	validate_zone $z || startup_error "Invalid zone ($z) in record \"$r\""

+	interface=${hosts%:*}
+
+	list_search  $interface $all_interfaces || \
+	    startup_error "Unknown interface ($interface) in record \"$r\""
+
+	hosts=${hosts#*:}
+
 	for host in `separate_list $hosts`; do
-	    interface=${host%:*}
-
-	    list_search  $interface $all_interfaces || \
-		startup_error "Unknown interface ($interface) in record \"$r\""
-
 	    for option in `separate_list $options`; do
 		case $option in
 		    maclist|-)
 			;;
 		    routeback)
-			eval ${z}_routeback=\"$host \$${z}_routeback\"
+			eval ${z}_routeback=\"$interface:$host \$${z}_routeback\"
 			;;
 		    *)
 			error_message "Warning: Invalid option ($option) in record \"$r\""
--- a/Shorewall/hosts
+++ b/Shorewall/hosts
@ -20,7 +20,7 @@
 #	ZONE	- The name of a zone defined in /etc/shorewall/zones
 #
 #	HOST(S)	- The name of an interface followed by a colon (":") and
-#		  either:
+#		  a comma-separated list whose elements are either:
 #
 #			a) The IP address of a host
 #			b) A subnetwork in the form
@ -33,6 +33,7 @@
 #
 #			eth1:192.168.1.3
 #			eth2:192.168.2.0/24
+#			eth3:192.168.2.0/24,192.168.3.1
 #
 #	OPTIONS - A comma-separated list of options. Currently-defined
 #		  options are:
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -14,6 +14,22 @@ Problems Corrected:
 3) Corrected a problem in Beta 1 where DNS names containing a "-" were
   mis-handled when they appeared in the DEST column of a rule.

+Migration Issues:
+
+1) In earlier versions, an undocumented feature allowed entries in
+   the host file as follows:
+
+      z    eth1:192.168.1.0/24,eth2:192.168.2.0/24
+
+   This capability was never documented and has been removed in 1.4.6
+   to allow entries of the following format:
+
+      z   eth1:192.168.1.0/24,192.168.2.0/24
+
+2) The NAT_ENABLED, MANGLE_ENABLED and MULTIPORT options have been
+   removed from /etc/shorewall/shorewall.conf. These capabilities are
+   now automatically detected by Shorewall (see below).
+
 New Features:

 1) A 'newnotsyn' interface option has been added. This option may be
@ -118,6 +134,9 @@ New Features:
   construct an efficient set of rules that accept connections from a
   range of network addresses.

+   Note: If your shell only supports 32-bit signed arithmetic (ash or
+   dash) then the range may not span 128.0.0.0.
+
   Example:

      [root@gateway root]# shorewall iprange 192.168.1.4-192.168.12.9
@ -133,3 +152,10 @@ New Features:
      192.168.12.0/29
      192.168.12.8/31
      [root@gateway root]#
+
+10) A list of host/net addresses is now allowed in an entry in
+    /etc/shorewall/hosts.
+
+    Example:
+
+	foo	eth1:192.168.1.0/24,192.168.2.0/24