Merge branch '4.5.12'

Conflicts: Shorewall/manpages/shorewall.conf.xml Shorewall6/manpages/shorewall6.conf.xml Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-12-18 20:30:43 +01:00 · 2013-01-15 10:42:10 -08:00 · 2013-01-15 10:42:10 -08:00 · f0e580347d
commit f0e580347d
parent c26db29244 89a09f0256
6 changed files with 19 additions and 41 deletions
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@ -26,7 +26,7 @@
 #
 package Shorewall::IPAddrs;
 require Exporter;
-use Shorewall::Config qw( :DEFAULT split_list require_capability in_hex8 numeric_value F_IPV4 F_IPV6 :protocols );
+use Shorewall::Config qw( :DEFAULT split_list require_capability in_hex8 numeric_value F_IPV4 F_IPV6 :protocols %config );
 use Socket;

 use strict;
@ -220,7 +220,8 @@ sub validate_4net( $$ ) {
 	fatal_error "Invalid IP address ($net)"       unless valid_4address $net;
    } else {
 	fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/' || ! defined $net;
-	validate_4address $net, $_[1];
+	my $net1 = validate_4address $net, $allow_name;
+	$net  = $net1 unless $config{DEFER_DNS_RESOLUTION};
 	$vlsm = 32;
    }

@ -668,7 +669,8 @@ sub validate_6net( $$ ) {
 	fatal_error "Invalid IPv6 address ($net)"       unless valid_6address $net;
    } else {
 	fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/';
-	validate_6address $net, $allow_name;
+	my $net1 = validate_6address $net, $allow_name;
+	$net  = $net1 unless $config{DEFER_DNS_RESOLUTION};
 	$vlsm = 128;
    }

--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@ -1089,7 +1089,7 @@ sub add_a_route( ) {
    }

    fatal_error 'DEST must be specified' if $dest eq '-';
-    $dest = validate_net ( $dest, 1 );
+    $dest = validate_net ( $dest, 0 );

    validate_address ( $gateway, 1 ) if $gateway ne '-';

--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@ -1200,7 +1200,7 @@ sub process_interface( $$ ) {
 		    $hostoptions{broadcast} = 1;
 		} elsif ( $option eq 'sfilter' ) {
 		    $filterref = [ split_list $value, 'address' ];
-		    $_ = validate_net( $_, 1) for @{$filterref}
+		    validate_net( $_, 0) for @{$filterref}
 		} else {
 		    assert(0);
 		}
--- a/Shorewall/manpages/shorewall-arprules.xml
+++ b/Shorewall/manpages/shorewall-arprules.xml
@ -161,7 +161,7 @@
              <term><replaceable>ipaddress</replaceable></term>

              <listitem>
-                <para>is an IPv4 address.</para>
+                <para>is an IPv4 address. DNS names are not allowed.</para>
              </listitem>
            </varlistentry>

@ -224,7 +224,7 @@
              <term><replaceable>ipaddress</replaceable></term>

              <listitem>
-                <para>is an IPv4 address or a MAC address.</para>
+                <para>is an IPv4 address. DNS Names are not allowed.</para>
              </listitem>
            </varlistentry>

--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@ -559,23 +559,11 @@
          is an advantage if you use AUTOMAKE=Yes and the IP address
          associated with the DNS name is subject to change. When
          DEFER_DNS_RESOLUTION=No, DNS names are converted into IP addresses
-          by the compiler. This has two advantages:</para>
-
-          <orderedlist>
-            <listitem>
-              <para>When AUTOMAKE=Yes the <command>start</command> and
-              <command>restart</command> commands will succeed even if no DNS
-              server is reachable (assuming that the configuration hasn't
-              changed since the compiled script was last generated).</para>
-            </listitem>
-
-            <listitem>
-              <para>The <command>restore</command> command (including the
-              automatic <command>restore</command> performed when
-              <command>start</command> or <command>restart</command> fails)
-              will succeed even if no DNS server is reachable.</para>
-            </listitem>
-          </orderedlist>
+          by the compiler. This has the advantage that when AUTOMAKE=Yes, the
+          <command>start</command> and <command>restart</command> commands
+          will succeed even if no DNS server is reachable (assuming that the
+          configuration hasn't changed since the compiled script was last
+          generated).</para>
        </listitem>
      </varlistentry>

--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@ -498,23 +498,11 @@
          is an advantage if you use AUTOMAKE=Yes and the IP address
          associated with the DNS name is subject to change. When
          DEFER_DNS_RESOLUTION=No, DNS names are converted into IP addresses
-          by the compiler. This has two advantages:</para>
-
-          <orderedlist>
-            <listitem>
-              <para>When AUTOMAKE=Yes the <command>start</command> and
-              <command>restart</command> commands will succeed even if no DNS
-              server is reachable (assuming that the configuration hasn't
-              changed since the compiled script was last generated).</para>
-            </listitem>
-
-            <listitem>
-              <para>The <command>restore</command> command (including the
-              automatic <command>restore</command> performed when
-              <command>start</command> or <command>restart</command> fails)
-              will succeed even if no DNS server is reachable.</para>
-            </listitem>
-          </orderedlist>
+          by the compiler. This has the advantage that when AUTOMAKE=Yes the
+          <command>start</command> and <command>restart</command> commands
+          will succeed even if no DNS server is reachable (assuming that the
+          configuration hasn't changed since the compiled script was last
+          generated).</para>
        </listitem>
      </varlistentry>