From 09bcf7c1aba9a013a2d4326a9a3598fcd2d19358 Mon Sep 17 00:00:00 2001
From: teastep
Date: Fri, 20 Feb 2004 21:50:33 +0000
Subject: [PATCH] Restore correct REJECT behavior
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1157 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/firewall | 33 +++++++++++---------------------
 Shorewall2/releasenotes.txt | 11 ++++++++++-
 2 files changed, 21 insertions(+), 23 deletions(-)
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index e10e68b8b..2eb48456b 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -3002,9 +3002,14 @@ process_rule() # $1 = target
 target="${target%:*}"
 expandv loglevel
 fi
-
- logtarget="$target"
- dnat_only=
+ #
+ # Save the original target in 'logtarget' for logging rules
+ #
+ logtarget=${target%-}
+ #
+ # Targets ending in "-" only apply to the nat table
+ #
+ [ $target = $logtarget ] && dnat_only= || dnat_only=Yes
 # Tranform the rule:
 #
@@ -3054,32 +3059,16 @@ process_rule() # $1 = target
 [ -n "$ratelimit" ] && fatal_error "Rate Limiting not available with DROP"
 ;;
 REJECT)
+ target=reject
 ;;
 CONTINUE)
 ;;
- DNAT)
+ DNAT*)
 target=ACCEPT
 address=${address:=detect}
 ;;
- DNAT-)
+ REDIRECT*)
 target=ACCEPT
- logtarget=DNAT
- address=${address:=detect}
- dnat_only=Yes
- ;;
- REDIRECT)
- target=ACCEPT
- address=${address:=all}
- if [ "x-" = "x$servers" ]; then
- servers=$FW
- else
- servers="$FW::$servers"
- fi
- ;;
- REDIRECT-)
- target=ACCEPT
- logtarget=REDIRECT
- dnat_only=Yes
 address=${address:=all}
 if [ "x-" = "x$servers" ]; then
 servers=$FW
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index 7e29bc9c5..44a35b6c4 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -1,4 +1,4 @@
-Shorewall 2.0.0-Beta3
+Shorewall 2.0.0-RC1
 ----------------------------------------------------------------------
 Problems Corrected since 1.4.10
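Review bot: The added test `[ $target = $logtarget ]` leaves both expansions unquoted, so if a target ever contains whitespace or glob characters the `[` command fails with a syntax error and the `||` branch sets `dnat_only=Yes`, silently treating a malformed target as nat-only. Quote both sides: `[ "$target" = "$logtarget" ] && dnat_only= || dnat_only=Yes`. The `${target%-}` strip also applies to every target rather than only DNAT- and REDIRECT-, so a value such as `ACCEPT-` is flagged nat-only at this point. Whether the later case statement rejects such a target cannot be seen here, because process_rule starts and ends outside this hunk.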
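Review bot: The new case patterns `DNAT*)` and `REDIRECT*)` match any target that merely begins with those words, so a misspelling such as `DNATx` or `REDIRECT_` is now accepted and mapped to `target=ACCEPT` instead of reaching the default branch, which is not visible in this hunk. For a firewall rule parser that is a fail-open change; name the two accepted spellings explicitly with `DNAT|DNAT-)` and `REDIRECT|REDIRECT-)`. The case statement begins and ends outside the hunk, so the handling of unknown targets should be confirmed there.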
@@ -14,6 +14,11 @@ Problems Corrected since 1.4.10
 4) The 'detectnets' and 'routeback' options may now be used together with the intended effect.
+
+Problems Corrected since Beta 3
+
+1) The REJECT target now works correctly for TCP (sends an RST).
+ Previously, an ICMP reply was generated.
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
@@ -63,6 +68,10 @@ Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
 policies but does not specify such an action in the default configuration.
+ If for some reason, you don't wish to have a common DROP or REJECT
+ action, just include :DROP or :REJECT respectively in your
+ /etc/shorewall/actions file.
+
 The file /usr/share/shorewall/actions.std catalogs the standard actions and is processed prior to /etc/shorewall/actions. This causes a large number of actions to be defined. The files which