Fix multiple excluded zone handling in DNAT/REDIRECT

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1181 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -27,3 +27,7 @@ Changes since 1.4.9
 12) Allow maclist with Atheros cards
 
 13) Fix masq file problem with exclusion in the source column.
+
+14) Fix silly tcrules file problem.
+
+15) Fix multiple excluded zones in DNAT/REDIRECT rules.

Shorewall/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=1.4.10a
+VERSION=1.4.10c
 
 usage() # $1 = exit status
 {

Shorewall/firewall

@@ -1730,7 +1730,7 @@ process_tc_rule()
 	    esac
 	fi
 
-	if [ "x$user" != "x-" ]; then
+	if [ "x${user:--}" != "x-" ]; then
 
 	    [ "$chain" != tcout ] && \
 		fatal_error "Invalid use of a user/group: rule \"$rule\""
@@ -2632,7 +2632,7 @@ add_nat_rule() {
 		    addnatrule `dnat_chain $source` $cli $proto $multiport $sports $dports -d $adr -j $chain
 		done
 
-		for z in $excludezones; do
+		for z in $(separate_list $excludezones); do
 		    eval hosts=\$${z}_hosts
 		    for host in $hosts; do
 			addnatrule $chain -s ${host#*:} -j RETURN

Shorewall/install.sh

@@ -54,7 +54,7 @@
 #        /etc/rc.d/rc.local file is modified to start the firewall.
 #
 
-VERSION=1.4.10a
+VERSION=1.4.10c
 
 usage() # $1 = exit status
 {

Shorewall/interfaces

@@ -62,10 +62,13 @@
 #				       interface (anti-spoofing measure). This
 #                                      option can also be enabled globally in
 #				       the /etc/shorewall/shorewall.conf file.
-#			dropunclean  - Logs and drops mangled/invalid packets
-#
+#			dropunclean  - Logs and drops mangled/invalid
+#				       packets. USE OF THIS OPTION IS
+#				       NOT RECOMMENDED. It will be removed in
+#				       Shorewall 2.0.
 #			logunclean   - Logs mangled/invalid packets but does
-#				       not drop them.
+#				       not drop them. This option will be
+#				       removed in Shorewall 2.0.
 #	.	.	blacklist    - Check packets arriving on this interface
 #				       against the /etc/shorewall/blacklist
 #				       file.

Shorewall/releasenotes.txt

@@ -31,6 +31,16 @@ Problems Corrected since version 1.4.9:
 
    the !10.1.0.0/16 is ignored.
 
+9. A startup error occurs if the USER/GROUP column of the tcrules file
+   is empty.
+
+10. The following syntax previously produced a startup error:
+
+    DNAT z1!z2,z3	    z4:...
+
+    That has been corrected so that multiple excluded zones may now be
+    listed in a DNAT or REDIRECT rule.
+
 Migration Issues:
 
 None.

Shorewall/shorewall.spec

@@ -1,5 +1,5 @@
 %define name shorewall
-%define version 1.4.10a
+%define version 1.4.10c
 %define release 1
 %define prefix /usr
 
@@ -109,6 +109,10 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
 
 %changelog
+* Sun Feb 15 2004 Tom Eastep <tom@shorewall.net>
+- Changed version to 1.4.10c-1
+* Thu Feb 12 2004 Tom Eastep <tom@shorewall.net>
+- Changed version to 1.4.10b-1
 * Sun Feb 08 2004 Tom Eastep <tom@shorewall.net>
 - Changed version to 1.4.10a-1
 * Fri Jan 30 2004 Tom Eastep <tom@shorewall.net>

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Seattle Firewall
 
-VERSION=1.4.10a
+VERSION=1.4.10c
 
 usage() # $1 = exit status
 {