Merge branch '4.5.12'

Conflicts:
	Shorewall/manpages/shorewall.conf.xml
	Shorewall6/manpages/shorewall6.conf.xml

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/IPAddrs.pm

@@ -26,7 +26,7 @@
 #
 package Shorewall::IPAddrs;
 require Exporter;
-use Shorewall::Config qw( :DEFAULT split_list require_capability in_hex8 numeric_value F_IPV4 F_IPV6 :protocols );
+use Shorewall::Config qw( :DEFAULT split_list require_capability in_hex8 numeric_value F_IPV4 F_IPV6 :protocols %config );
 use Socket;
 
 use strict;
@@ -220,7 +220,8 @@ sub validate_4net( $$ ) {
 	fatal_error "Invalid IP address ($net)"       unless valid_4address $net;
     } else {
 	fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/' || ! defined $net;
-	validate_4address $net, $_[1];
+	my $net1 = validate_4address $net, $allow_name;
+	$net  = $net1 unless $config{DEFER_DNS_RESOLUTION};
 	$vlsm = 32;
     }
 
@@ -668,7 +669,8 @@ sub validate_6net( $$ ) {
 	fatal_error "Invalid IPv6 address ($net)"       unless valid_6address $net;
     } else {
 	fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/';
-	validate_6address $net, $allow_name;
+	my $net1 = validate_6address $net, $allow_name;
+	$net  = $net1 unless $config{DEFER_DNS_RESOLUTION};
 	$vlsm = 128;
     }
 

Shorewall/Perl/Shorewall/Providers.pm

@@ -1089,7 +1089,7 @@ sub add_a_route( ) {
     }
 
     fatal_error 'DEST must be specified' if $dest eq '-';
-    $dest = validate_net ( $dest, 1 );
+    $dest = validate_net ( $dest, 0 );
 
     validate_address ( $gateway, 1 ) if $gateway ne '-';
 

Shorewall/Perl/Shorewall/Zones.pm

@@ -1200,7 +1200,7 @@ sub process_interface( $$ ) {
 		    $hostoptions{broadcast} = 1;
 		} elsif ( $option eq 'sfilter' ) {
 		    $filterref = [ split_list $value, 'address' ];
-		    $_ = validate_net( $_, 1) for @{$filterref}
+		    validate_net( $_, 0) for @{$filterref}
 		} else {
 		    assert(0);
 		}

Shorewall/manpages/shorewall-arprules.xml

@@ -161,7 +161,7 @@
               <term><replaceable>ipaddress</replaceable></term>
 
               <listitem>
-                <para>is an IPv4 address.</para>
+                <para>is an IPv4 address. DNS names are not allowed.</para>
               </listitem>
             </varlistentry>
 
@@ -224,7 +224,7 @@
               <term><replaceable>ipaddress</replaceable></term>
 
               <listitem>
-                <para>is an IPv4 address or a MAC address.</para>
+                <para>is an IPv4 address. DNS Names are not allowed.</para>
               </listitem>
             </varlistentry>
 

Shorewall/manpages/shorewall.conf.xml

@@ -559,23 +559,11 @@
           is an advantage if you use AUTOMAKE=Yes and the IP address
           associated with the DNS name is subject to change. When
           DEFER_DNS_RESOLUTION=No, DNS names are converted into IP addresses
-          by the compiler. This has two advantages:</para>
+          by the compiler. This has the advantage that when AUTOMAKE=Yes, the
-
+          <command>start</command> and <command>restart</command> commands
-          <orderedlist>
+          will succeed even if no DNS server is reachable (assuming that the
-            <listitem>
+          configuration hasn't changed since the compiled script was last
-              <para>When AUTOMAKE=Yes the <command>start</command> and
+          generated).</para>
-              <command>restart</command> commands will succeed even if no DNS
-              server is reachable (assuming that the configuration hasn't
-              changed since the compiled script was last generated).</para>
-            </listitem>
-
-            <listitem>
-              <para>The <command>restore</command> command (including the
-              automatic <command>restore</command> performed when
-              <command>start</command> or <command>restart</command> fails)
-              will succeed even if no DNS server is reachable.</para>
-            </listitem>
-          </orderedlist>
         </listitem>
       </varlistentry>
 

Shorewall6/manpages/shorewall6.conf.xml

@@ -498,23 +498,11 @@
           is an advantage if you use AUTOMAKE=Yes and the IP address
           associated with the DNS name is subject to change. When
           DEFER_DNS_RESOLUTION=No, DNS names are converted into IP addresses
-          by the compiler. This has two advantages:</para>
+          by the compiler. This has the advantage that when AUTOMAKE=Yes the
-
+          <command>start</command> and <command>restart</command> commands
-          <orderedlist>
+          will succeed even if no DNS server is reachable (assuming that the
-            <listitem>
+          configuration hasn't changed since the compiled script was last
-              <para>When AUTOMAKE=Yes the <command>start</command> and
+          generated).</para>
-              <command>restart</command> commands will succeed even if no DNS
-              server is reachable (assuming that the configuration hasn't
-              changed since the compiled script was last generated).</para>
-            </listitem>
-
-            <listitem>
-              <para>The <command>restore</command> command (including the
-              automatic <command>restore</command> performed when
-              <command>start</command> or <command>restart</command> fails)
-              will succeed even if no DNS server is reachable.</para>
-            </listitem>
-          </orderedlist>
         </listitem>
       </varlistentry>