Apply 3.4 fix for detectnets; verify shorewall-common version

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6745 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 16:13:18 +01:00 · 2007-07-02 17:13:36 +00:00 · 2007-07-02 17:13:36 +00:00 · cac2ecfee6
commit cac2ecfee6
parent a3258ffc4f
2 changed files with 35 additions and 9 deletions
--- a/Shorewall-shell/compiler
+++ b/Shorewall-shell/compiler
@ -4201,7 +4201,11 @@ activate_rules()
 		*.*.*.*|+*)
 		    if [ "$networks" != 0.0.0.0/0 ]; then
 			if ! list_search $interface $need_broadcast ; then
-			    interface_has_option $interface detectnets && need_broadcast="$need_broadcast $interface"
+			    if interface_has_option $interface detectnets; then
+				need_broadcast="$need_broadcast $interface"
+				iface=$(chain_base $interface)
+				eval need_bcast_$iface=\"$(match_source_hosts $networks)\"
+			    fi
 			fi
 		    fi
 		    ;;
@ -4212,9 +4216,6 @@ activate_rules()
 	    for interface in $need_broadcast ; do
 		run_iptables -A $(out_chain $interface) -d 255.255.255.255 -j $chain1
 		run_iptables -A $(out_chain $interface) -d 224.0.0.0/4     -j $chain1
-		if [ $chain3 = ACCEPT -o $chain3 = "${zone}2${zone}" ]; then
-		    run_iptables -A $(forward_chain $interface) $(match_dest_dev $interface) -d 255.255.255.255 -j $chain3;
-		fi
 	    done
 	fi
 	#
@ -4351,6 +4352,16 @@ activate_rules()
 		if [  $num_ifaces -lt 2 -a -z "$routeback" -a -z "$exclusions" ] ; then
 		    continue
 		fi
+		
+		if [ -n "$chain3" ]; then
+		    for interface in $need_broadcast ; do
+			if interface_has_option $interface routeback; then
+			    iface=$(chain_base $interface)
+			    eval source=\"\$need_bcast_$iface\"
+			    run_iptables -A $(forward_chain $interface) $source $(match_dest_dev $interface) -d 255.255.255.255 -j $chain3;
+			fi
+		    done
+		fi
 	    else
 		routeback=
 		num_ifaces=0
@ -4418,14 +4429,14 @@ activate_rules()
 		    interface=${host%%:*}
 		    networks=${host#*:}

-		    chain3=$(forward_chain $interface)
+		    chain4=$(forward_chain $interface)

 		    for host1 in $dest_hosts; do
 			interface1=${host1%%:*}
 			networks1=${host1#*:}

 			if [ "$host" != "$host1" ] || list_search $host $routeback; then
-			    run_iptables2 -A $chain3 $(match_source_hosts $networks) -o $interface1 $(match_dest_hosts $networks1) $(match_ipsec_out $zone1 $host1) -j $chain
+			    run_iptables2 -A $chain4 $(match_source_hosts $networks) -o $interface1 $(match_dest_hosts $networks1) $(match_ipsec_out $zone1 $host1) -j $chain
 			fi
 		    done
 		done
@ -5725,6 +5736,10 @@ for library in lib.base lib.config; do
    fi
 done

+VERSION=$(cat $SHELLSHAREDIR/version)
+
+[ $SHOREWALL_LIBVERSION -ge $MIN_COMMON_VERSION ] || fatal_error "Shorewall-shell $VERSION requires Shorewall-common >= 4.0.0" 
+
 PROGRAM=compiler

 COMMAND="$1"
--- a/Shorewall-shell/diff-3.4-compiler
+++ b/Shorewall-shell/diff-3.4-compiler
@ -1,5 +1,5 @@
--- /home/teastep/shorewall/branches/3.4/Shorewall/compiler	2007-06-18 10:11:02.000000000 -0700
-+++ compiler	2007-06-22 13:51:59.000000000 -0700
+--- /home/teastep/shorewall/branches/3.4/Shorewall/compiler	2007-06-30 08:39:22.000000000 -0700
+++ compiler	2007-07-02 10:12:28.000000000 -0700
@@ -673,11 +673,11 @@
     progress_message2 "Compiling IP Forwarding..."
 
@ -58,7 +58,7 @@
 	fi
 
     fi
-@@ -4874,7 +4879,7 @@
+@@ -4889,7 +4894,7 @@
 		;;
 	esac
 
@ -67,3 +67,14 @@
     }
 
     progress_message2 "Initializing..."
+@@ -5731,6 +5736,10 @@
+     fi
+ done
+ 
+VERSION=$(cat $SHELLSHAREDIR/version)
+
+[ $SHOREWALL_LIBVERSION -ge $MIN_COMMON_VERSION ] || fatal_error "Shorewall-shell $VERSION requires Shorewall-common >= 4.0.0" 
+
+ PROGRAM=compiler
+ 
+ COMMAND="$1"