From 0f72f92c4859823aa1c5e3ee98f41c62b4848e11 Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 26 Oct 2003 16:22:01 +0000 Subject: [PATCH] Another fix for _frwd chains git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@780 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 2 +- Shorewall/firewall | 8 ++++---- Shorewall/releasenotes.txt | 3 ++- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index fbd18ae1d..bf785240f 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -20,4 +20,4 @@ Changes since 1.4.7 9) Liberalize chain names used in the accounting file. -10) Fix the fix for 'complex' zones. +10) Fix the fix for 'complex' zones (twice). diff --git a/Shorewall/firewall b/Shorewall/firewall index ba940632d..194a09c60 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -726,6 +726,7 @@ validate_policy() print_policy() # $1 = source zone, $2 = destination zone { [ $command != check ] || \ + [ $1 = $2 ] || \ [ $1 = all ] || \ [ $2 = all ] || \ echo " Policy for $1 to $2 is $policy using chain $chain" @@ -4432,10 +4433,9 @@ activate_rules() for host1 in $dest_hosts; do interface1=${host1%:*} subnet1=${host1#*:} - - if list_search $host1 $source_hosts && ! list_search $host1 $routeback; then - if [ `list_count1 $source_hosts` -gt 1 ]; then - run_iptables -A $frwd_chain -s ! $subnet1 -o $interface1 -d $subnet1 -j $chain + if [ `list_count1 $source_hosts` -eq 1 -a "$source_hosts" = "$host1" ]; then + if list_search $host1 $routeback; then + run_iptables -A $frwd_chain -o $interface1 -d $subnet1 -j $chain fi else run_iptables -A $frwd_chain -o $interface1 -d $subnet1 -j $chain diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 55c03d105..7c9026261 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
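Review bot: The added `[ $1 = $2 ] || \` guard in print_policy leaves both zone names unquoted, so an empty argument turns the comparison into a malformed `[` expression instead of a string test; `[ "$1" = "$2" ] || \` avoids that. The neighbouring `[ $1 = all ]` and `[ $2 = all ]` lines have the same form, and whether a caller can pass an empty zone is not visible in the hunk. The header comment could also record the new behaviour, for example `# Policies from a zone to itself are not reported`, since the `check` output is what an operator reads to confirm which chain handles a zone pair.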
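Review bot: The new condition `-eq 1 -a "$source_hosts" = "$host1"` in activate_rules compares the whole source list as one string, so a leading or trailing blank in `$source_hosts` would send a single-group zone into the `else` branch, where the `-j $chain` rule is appended without consulting `$routeback`. Testing membership instead keeps the intent and is insensitive to spacing: close the bracket after `-eq 1` and continue with `] && list_search $host1 $source_hosts; then`, which also drops the `-a` operator that POSIX marks obsolescent. Separately, a zone with several source groups now gets the unrestricted rule for every destination group, where the removed line carried `-s ! $subnet1`. If traffic returning to its own group is meant to reach `$chain` without a `routeback` entry, a comment above the `if` should say so. The loop and the rest of activate_rules lie outside the hunk, so how `$source_hosts` is built could not be checked.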
@@ -38,7 +38,8 @@ Problems Corrected since version 1.4.7: rule generated by the entry. It is now applied to all entries. 7) The original fix for item 5) above contained a bug which caused the - "_frwd" chain to have too few rules. That has been corrected. + "_frwd" chain to have too few rules. That has been corrected + (twice). Migration Issues: