diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm
index 399920b70..8a0d0721b 100644
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@@ -26,7 +26,7 @@
#
package Shorewall::IPAddrs;
require Exporter;
-use Shorewall::Config qw( :DEFAULT split_list require_capability in_hex8 numeric_value F_IPV4 F_IPV6 :protocols );
+use Shorewall::Config qw( :DEFAULT split_list require_capability in_hex8 numeric_value F_IPV4 F_IPV6 :protocols %config );
use Socket;
use strict;
@@ -220,7 +220,8 @@ sub validate_4net( $$ ) {
fatal_error "Invalid IP address ($net)" unless valid_4address $net;
} else {
fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/' || ! defined $net;
- validate_4address $net, $_[1];
+ my $net1 = validate_4address $net, $allow_name;
+ $net = $net1 unless $config{DEFER_DNS_RESOLUTION};
$vlsm = 32;
}
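Review bot: `my $net1 = validate_4address $net, $allow_name;` evaluates the call in scalar context, so if validate_4address can yield more than one address for a DNS name (its definition is outside this hunk), only one of them replaces `$net` and the generated rule silently covers a single host; the validate_6net hunk below adds the same pattern. With DEFER_DNS_RESOLUTION off, the rule is also pinned to whatever the resolver answered at compile time, which deserves a comment such as `# DEFER_DNS_RESOLUTION=No: replace the name with the address resolved at compile time`. The call now passes `$allow_name` where it used to pass `$_[1]`; that variable's declaration is not visible here, and under `use strict` it must exist in validate_4net, so please confirm it does. The function body starts and ends outside the hunk.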
@@ -668,7 +669,8 @@ sub validate_6net( $$ ) {
fatal_error "Invalid IPv6 address ($net)" unless valid_6address $net;
} else {
fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/';
- validate_6address $net, $allow_name;
+ my $net1 = validate_6address $net, $allow_name;
+ $net = $net1 unless $config{DEFER_DNS_RESOLUTION};
$vlsm = 128;
}
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index b3fe726f6..ca5da94d0 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -1089,7 +1089,7 @@ sub add_a_route( ) {
}
fatal_error 'DEST must be specified' if $dest eq '-';
- $dest = validate_net ( $dest, 1 );
+ $dest = validate_net ( $dest, 0 );
validate_address ( $gateway, 1 ) if $gateway ne '-';
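Review bot: Assuming the second argument of validate_net is the allow-name flag seen in validate_4net, `validate_net ( $dest, 0 )` turns a DNS name in DEST into a fatal error, while the next line still calls `validate_address ( $gateway, 1 )` and accepts a name for the gateway. The two columns of the same route therefore follow different rules. Configurations that use a name in DEST would stop compiling, and none of the manpage hunks in this diff cover the routes file, so a sentence like the one added to shorewall-arprules would help there. A short comment above the call, e.g. `# DEST must be a literal network; DNS names are rejected`, would record the intent. add_a_route continues outside the hunk.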
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index fc4021f4e..37ba14e67 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -1200,7 +1200,7 @@ sub process_interface( $$ ) {
$hostoptions{broadcast} = 1;
} elsif ( $option eq 'sfilter' ) {
$filterref = [ split_list $value, 'address' ];
- $_ = validate_net( $_, 1) for @{$filterref}
+ validate_net( $_, 0) for @{$filterref}
} else {
assert(0);
}
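Review bot: `validate_net( $_, 0) for @{$filterref}` now runs in void context, so the entries in `$filterref` stay exactly as written in the configuration instead of being replaced by validate_net's return value as before. If code further down relied on the returned form, that is a behaviour change worth checking; if the intent is validation only, say so with `# validate only; keep sfilter entries as written, DNS names are rejected`. The statement also still lacks its trailing `;`, which is legal before `}` but breaks as soon as another statement is added after it. process_interface starts and ends outside the hunk.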
diff --git a/Shorewall/manpages/shorewall-arprules.xml b/Shorewall/manpages/shorewall-arprules.xml
index f78e56b4d..f3fdedbea 100644
--- a/Shorewall/manpages/shorewall-arprules.xml
+++ b/Shorewall/manpages/shorewall-arprules.xml
@@ -161,7 +161,7 @@
ipaddress
- is an IPv4 address.
+ is an IPv4 address. DNS names are not allowed.
@@ -224,7 +224,7 @@
ipaddress
- is an IPv4 address or a MAC address.
+ is an IPv4 address. DNS Names are not allowed.
diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml
index 25429ccc3..9cbea2963 100644
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@@ -559,23 +559,11 @@
is an advantage if you use AUTOMAKE=Yes and the IP address
associated with the DNS name is subject to change. When
DEFER_DNS_RESOLUTION=No, DNS names are converted into IP addresses
- by the compiler. This has two advantages:
-
-
-
- When AUTOMAKE=Yes the start and
- restart commands will succeed even if no DNS
- server is reachable (assuming that the configuration hasn't
- changed since the compiled script was last generated).
-
-
-
- The restore command (including the
- automatic restore performed when
- start or restart fails)
- will succeed even if no DNS server is reachable.
-
-
+ by the compiler. This has the advantage that when AUTOMAKE=Yes, the
+ start and restart commands
+ will succeed even if no DNS server is reachable (assuming that the
+ configuration hasn't changed since the compiled script was last
+ generated).
diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml
index f5c17147a..13c93621e 100644
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@@ -498,23 +498,11 @@
is an advantage if you use AUTOMAKE=Yes and the IP address
associated with the DNS name is subject to change. When
DEFER_DNS_RESOLUTION=No, DNS names are converted into IP addresses
- by the compiler. This has two advantages:
-
-
-
- When AUTOMAKE=Yes the start and
- restart commands will succeed even if no DNS
- server is reachable (assuming that the configuration hasn't
- changed since the compiled script was last generated).
-
-
-
- The restore command (including the
- automatic restore performed when
- start or restart fails)
- will succeed even if no DNS server is reachable.
-
-
+ by the compiler. This has the advantage that when AUTOMAKE=Yes the
+ start and restart commands
+ will succeed even if no DNS server is reachable (assuming that the
+ configuration hasn't changed since the compiled script was last
+ generated).