Another fix for <zone>_frwd chains

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@780 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -20,4 +20,4 @@ Changes since 1.4.7
 
 9) Liberalize chain names used in the accounting file.
 
-10) Fix the fix for 'complex' zones.
+10) Fix the fix for 'complex' zones (twice).

Shorewall/firewall

@@ -726,6 +726,7 @@ validate_policy()
     print_policy() # $1 = source zone, $2 = destination zone
     {
 	[ $command != check ] || \
+	    [ $1 = $2 ]  || \
 	    [ $1 = all ] || \
 	    [ $2 = all ] || \
 	    echo "   Policy for $1 to $2 is $policy using chain $chain"
@@ -4432,10 +4433,9 @@ activate_rules()
 		for host1 in $dest_hosts; do
 		    interface1=${host1%:*}
 		    subnet1=${host1#*:}
-
+		    if [ `list_count1 $source_hosts` -eq 1 -a "$source_hosts" = "$host1" ]; then
-		    if list_search $host1 $source_hosts && ! list_search $host1 $routeback; then
+			if list_search $host1 $routeback; then
-			if [ `list_count1 $source_hosts` -gt 1 ]; then
+			    run_iptables -A $frwd_chain -o $interface1 -d $subnet1 -j $chain
-			    run_iptables -A $frwd_chain -s ! $subnet1 -o $interface1 -d $subnet1 -j $chain
 			fi
 		    else
 			run_iptables -A $frwd_chain -o $interface1 -d $subnet1 -j $chain

Shorewall/releasenotes.txt

@@ -38,7 +38,8 @@ Problems Corrected since version 1.4.7:
    rule generated by the entry. It is now applied to all entries.
 
 7) The original fix for item 5) above contained a bug which caused the
-   "<zone>_frwd" chain to have too few rules. That has been corrected.  
+   "<zone>_frwd" chain to have too few rules. That has been corrected
+   (twice).  
 
 Migration Issues: