Fix multiple excluded zone handling in DNAT/REDIRECT

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1181 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-24 06:29:03 +01:00 · 2004-03-04 15:24:59 +00:00 · 2004-03-04 15:24:59 +00:00 · d711731678
commit d711731678
parent e2978f336a
8 changed files with 30 additions and 9 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -27,3 +27,7 @@ Changes since 1.4.9
 12) Allow maclist with Atheros cards
 13) Fix masq file problem with exclusion in the source column.
 14) Fix silly tcrules file problem.
 15) Fix multiple excluded zones in DNAT/REDIRECT rules.
--- a/Shorewall/fallback.sh
+++ b/Shorewall/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=1.4.10a
+VERSION=1.4.10c
 usage() # $1 = exit status
 {
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -1730,7 +1730,7 @@ process_tc_rule()
 	    esac
 	fi
-	if [ "x$user" != "x-" ]; then
+	if [ "x${user:--}" != "x-" ]; then
 	    [ "$chain" != tcout ] && \
 		fatal_error "Invalid use of a user/group: rule \"$rule\""
@ -2632,7 +2632,7 @@ add_nat_rule() {
 		    addnatrule `dnat_chain $source` $cli $proto $multiport $sports $dports -d $adr -j $chain
 		done
-		for z in $excludezones; do
+		for z in $(separate_list $excludezones); do
 		    eval hosts=\$${z}_hosts
 		    for host in $hosts; do
 			addnatrule $chain -s ${host#*:} -j RETURN
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@ -54,7 +54,7 @@
 #        /etc/rc.d/rc.local file is modified to start the firewall.
 #
-VERSION=1.4.10a
+VERSION=1.4.10c
 usage() # $1 = exit status
 {
--- a/Shorewall/interfaces
+++ b/Shorewall/interfaces
@ -62,10 +62,13 @@
 #				       interface (anti-spoofing measure). This
 #                                      option can also be enabled globally in
 #				       the /etc/shorewall/shorewall.conf file.
-#			dropunclean  - Logs and drops mangled/invalid packets
+#			dropunclean  - Logs and drops mangled/invalid
-#
+#				       packets. USE OF THIS OPTION IS
 #				       NOT RECOMMENDED. It will be removed in
 #				       Shorewall 2.0.
 #			logunclean   - Logs mangled/invalid packets but does
-#				       not drop them.
+#				       not drop them. This option will be
 #				       removed in Shorewall 2.0.
 #	.	.	blacklist    - Check packets arriving on this interface
 #				       against the /etc/shorewall/blacklist
 #				       file.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -31,6 +31,16 @@ Problems Corrected since version 1.4.9:
   the !10.1.0.0/16 is ignored.
 9. A startup error occurs if the USER/GROUP column of the tcrules file
   is empty.
 10. The following syntax previously produced a startup error:
    DNAT z1!z2,z3	    z4:...
    That has been corrected so that multiple excluded zones may now be
    listed in a DNAT or REDIRECT rule.
 Migration Issues:
 None.
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@ -1,5 +1,5 @@
 %define name shorewall
-%define version 1.4.10a
+%define version 1.4.10c
 %define release 1
 %define prefix /usr
@ -109,6 +109,10 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
 %changelog
 * Sun Feb 15 2004 Tom Eastep <tom@shorewall.net>
 - Changed version to 1.4.10c-1
 * Thu Feb 12 2004 Tom Eastep <tom@shorewall.net>
 - Changed version to 1.4.10b-1
 * Sun Feb 08 2004 Tom Eastep <tom@shorewall.net>
 - Changed version to 1.4.10a-1
 * Fri Jan 30 2004 Tom Eastep <tom@shorewall.net>
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Seattle Firewall
-VERSION=1.4.10a
+VERSION=1.4.10c
 usage() # $1 = exit status
 {