From ebd9ce70d04c56d9a6305f1f4f588db6faeed2f7 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Tue, 8 Apr 2008 16:08:13 +0000
Subject: [PATCH] Fix another ':' parsing bug

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8399 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Rules.pm | 14 +++++++-------
 Shorewall-perl/Shorewall/Zones.pm |  2 ++
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index 387c29cb0..94046fea5 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -723,18 +723,18 @@ sub setup_mac_lists( $ ) {
 
 	while ( read_a_line ) {
 
-	    my ( $disposition, $interface, $mac, $addresses  ) = split_line1 3, 4, 'maclist file';
+	    my ( $original_disposition, $interface, $mac, $addresses  ) = split_line1 3, 4, 'maclist file';
 
-	    if ( $disposition eq 'COMMENT' ) {
+	    if ( $original_disposition eq 'COMMENT' ) {
 		process_comment;
 	    } else {
-		( $disposition, my ( $level, $remainder) ) = split( /:/, $disposition, 3 );
+		my ( $disposition, $level, $remainder) = split( /:/, $original_disposition, 3 );
 
-		fatal_error "Invalid log level" if defined $remainder;
+		fatal_error "Invalid DISPOSITION ($original_disposition)" if defined $remainder || ! $disposition;
 
 		my $targetref = $maclist_targets{$disposition};
 
-		fatal_error "Invalid DISPOSITION ($disposition)" if ! $targetref || ( ( $table eq 'mangle' ) && ! $targetref->{mangle} );
+		fatal_error "Invalid DISPOSITION ($original_disposition)" if ! $targetref || ( ( $table eq 'mangle' ) && ! $targetref->{mangle} );
 
 		unless ( $maclist_interfaces{$interface} ) {
 		    fatal_error "No hosts on $interface have the maclist option specified";
@@ -1430,7 +1430,7 @@ sub process_rules() {
 	    #
 	    # read_a_line has already verified that there are exactly two tokens on the line
 	    #
-	    fatal_error "Invalid SECTION $source" unless defined $sections{$source};
+	    fatal_error "Invalid SECTION ($source)" unless defined $sections{$source};
 	    fatal_error "Duplicate or out of order SECTION $source" if $sections{$source};
 	    $sectioned = 1;
 	    $sections{$source} = 1;
@@ -1583,7 +1583,7 @@ sub generate_matrix() {
 	    for my $interface ( sort { interface_number( $a ) <=> interface_number( $b ) } keys %$source_ref ) {
 		my $sourcechainref;
 		my $interfacematch = '';
-		
+	
 		if ( use_forward_chain( $interface ) ) {
 		    $sourcechainref = $filter_table->{forward_chain $interface};
 		} else {
diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm
index 0603c2fdb..709be9ec9 100644
--- a/Shorewall-perl/Shorewall/Zones.pm
+++ b/Shorewall-perl/Shorewall/Zones.pm
@@ -273,6 +273,7 @@ sub determine_zones()
 	    $type = 'ipv4';
 	    $ipv4 = 1;
 	} elsif ( $type =~ /^ipsec4?$/i ) {
+	    fatal_error "IPSEC Zones require FASTACCEPT=No" if $config{FASTACCEPT};
 	    $type = 'ipsec4';
 	} elsif ( $type =~ /^bport4?$/i ) {
 	    warning_message "Bridge Port zones should have a parent zone" unless @parents;
@@ -969,6 +970,7 @@ sub validate_hosts_file()
 	    for my $option ( @options )
 	    {
 		if ( $option eq 'ipsec' ) {
+		    fatal_error "'ipsec' requires FASTACCEPT=No" if $config{FASTACCEPT};
 		    $type = 'ipsec4';
 		    $zoneref->{options}{complex} = 1;
 		    $ipsec = 1;