From b160845713dd89dbea079801e9f5c0828c8f02ac Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 20 Oct 2016 14:54:01 -0700 Subject: [PATCH 1/3] Avoid compiler crash when LOAD_HELPERS_ONLY=Yes Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 74d3e5738..980b609ec 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -4544,11 +4544,11 @@ sub IPSet_Match() { } sub IPSet_Match_Nomatch() { - have_capability 'IPSET_MATCH' && $capabilities{IPSET_MATCH_NOMATCH}; + have_capability( 'IPSET_MATCH' ) && $capabilities{IPSET_MATCH_NOMATCH}; } sub IPSet_Match_Counters() { - have_capability 'IPSET_MATCH' && $capabilities{IPSET_MATCH_COUNTERS}; + have_capability( 'IPSET_MATCH' ) && $capabilities{IPSET_MATCH_COUNTERS}; } sub IPSET_V5() { From 34f2aeaceade748c5f5eef035f48b49f54daa9a4 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 22 Oct 2016 09:56:59 -0700 Subject: [PATCH 2/3] Correct 'sed' command Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index c0f5146c5..f49cad3da 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -3566,7 +3566,7 @@ blacklist_command() { if [ $VERBOSITY -gt 1 ]; then echo "$message" | awk '/have been deleted/ { sub( /^.*: /, "" ); sub( / /, " src " ); }; { print; }' else - echo "$message" | head -n1 | sed '/^.*: //; s/ / src /' + echo "$message" | head -n1 | sed 's/^.*: //; s/ / src /' fi fi @@ -3576,7 +3576,7 @@ blacklist_command() { if [ $VERBOSITY -gt 1 ]; then echo "$message" | awk '/have been deleted/ { sub( /^.*: /, "" ); sub( / /, " dst " ); }; { print; }' else - echo "$message" | head -n1 | sed '/^.*: //; s/ / dst /' + echo "$message" | head -n1 | sed 's/^.*: //; s/ / dst /' fi fi fi From e0203bca87312afa07d0d8d37741892614373804 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 23 Oct 2016 08:34:24 -0700 Subject: [PATCH 3/3] Correct nill address check in handling of 'origdest=detect' Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 20a438a54..947ac301b 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -7273,6 +7273,7 @@ sub isolate_dest_interface( $$$$ ) { my ( $diface, $dnets ); if ( ( $restriction & PREROUTE_RESTRICT ) && $dest =~ /^detect:(.*)$/ ) { + my $niladdr = NILIP; # # DETECT_DNAT_IPADDRS=Yes and we're generating the nat rule # @@ -7289,14 +7290,14 @@ sub isolate_dest_interface( $$$$ ) { push_command( $chainref , "for address in $list; do" , 'done' ); - push_command( $chainref , 'if [ $address != 0.0.0.0 ]; then' , 'fi' ) if $optional; + push_command( $chainref , "if [ \$address != $niladdr ]; then" , 'fi' ) if $optional; $rule .= '-d $address '; } else { my $interface = $interfaces[0]; my $variable = get_interface_address( $interface ); - push_command( $chainref , "if [ $variable != 0.0.0.0 ]; then" , 'fi') if interface_is_optional( $interface ); + push_command( $chainref , "if [ $variable != $niladdr ]; then" , 'fi') if interface_is_optional( $interface ); $rule .= "-d $variable "; }