Remove documentation for find_interface_by_mac()

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2521 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -7,9 +7,7 @@ Changes in 2.5.3
 
 3) Set COMMAND=restore in restore-base.
 
-4) Implement find_interface_by_mac()
-
-5) Allow exclusion lists in actions.
+4) Allow exclusion lists in actions.
 
 Changes in 2.5.2
 

Shorewall/firewall

@@ -1406,6 +1406,14 @@ validate_policy()
 
     ALL_POLICY_CHAINS=
 
+    for zone in $ZONES $FW; do
+	chain=${zone}2${zone}
+	eval ${chain}_is_policy=Yes
+	eval ${chain}_is_optional=Yes
+	eval ${chain}_policy=ACCEPT
+	ALL_POLICY_CHAINS="$ALL_POLICY_CHAINS $chain"
+    done	
+
     strip_file policy
 
     while read client server policy loglevel synparams; do
@@ -1472,7 +1480,7 @@ validate_policy()
 	chain=${client}2${server}
 
 	if is_policy_chain $chain ; then
-	    startup_error "Duplicate policy $policy"
+	    startup_error "Duplicate policy: $client $server $policy"
 	fi
 
 	[ "x$loglevel"  = "x-" ] && loglevel=
@@ -7724,6 +7732,7 @@ apply_policy_rules() {
 	eval loglevel=\$${chain}_loglevel
 	eval synparams=\$${chain}_synparams
 	eval epolicy=\$${chain}_epolicy
+	eval optional=\$${chain}_is_optional
 
 	[ -n "$synparams" ] && setup_syn_flood_chain $chain $synparams $loglevel
 
@@ -7731,7 +7740,7 @@ apply_policy_rules() {
 	    [ "$epolicy" = ACCEPT ] && ordinal=2 || ordinal=3
 	    [ -n "$synparams" ] && \
 		run_iptables -I $chain $ordinal -p tcp --syn -j @$chain
-	elif [ "$policy" != CONTINUE ]; then
+	elif [ -z "$optional" -a "$policy" != CONTINUE ]; then
 	    #
 	    # The chain doesn't exist. Create the chain and add policy
 	    # rules

Shorewall/policy

@@ -10,6 +10,12 @@
 #	source/destination pair, the file is processed in order until a
 #	match is found ("all" will match any client or server).
 #
+#	                INTRA-ZONE POLICIES ARE PRE-DEFINED
+#
+#	For $FW and for all of the zoned defined in /etc/shorewall/zones,
+#	the POLICY for connections from the zone to itself is ACCEPT and may
+#	not be modified by entries in this file. 
+#
 # Columns are:
 #
 #	SOURCE		Source zone. Must be the name of a zone defined

Shorewall/releasenotes.txt

@@ -17,23 +17,6 @@ New Features in Shorewall 2.5.3
     scripts. The value of this variable is sometimes of interest to
     programmers providing custom /etc/shorewall/tcstart scripts.
 
-4)  If you have problems with ethernet interfaces switching names when
-    your system is rebooted, you can now work around the problem. For
-    each interface, select a shell variable name and set the variable
-    to the value echoed by the 'find_interface_by_mac' function.
-
-    Example: To set EXT_IF to the interface with MAC address
-    00:02:e3:08:55:fa, in /etc/shorewall/params:
-
-	EXT_IF=$(find_interface_by_mac 00:02:e3:08:55:fa)
-
-    Now simply use $EXT_IF any time that you wish to refer to that
-    interface.
-
-    WARNING: If you have this problem, you will not wish to use the
-    "-f" option in the Shorewall SysV init script (usually named
-    /etc/init.d/shorewall).
-
 Problems Corrected in 2.5.2:
 
 1) You may now include port lists in in the /etc/shorewall/accounting
@@ -408,20 +391,4 @@ New Features in Shorewall 2.5.*
     scripts. The value of this variable is sometimes of interest to
     programmers providing custom /etc/shorewall/tcstart scripts.
 
-14) If you have problems with ethernet interfaces switching names when
-    your system is rebooted, you can now work around the problem. For
-    each interface, select a shell variable name and set the variable
-    to the value echoed by the 'find_interface_by_mac' function.
-
-    Example: To set EXT_IF to the interface with MAC address
-    00:02:e3:08:55:fa, in /etc/shorewall/params:
-
-	EXT_IF=$(find_interface_by_mac 00:02:e3:08:55:fa)
-
-    Now simply use $EXT_IF any time that you wish to refer to that
-    interface.
-
-    WARNING: If you have this problem, you will not wish to use the
-    "-f" option in the Shorewall SysV init script (usually named
-    /etc/init.d/shorewall).