Allow for routeback of stopped interfaces

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1179 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -52,3 +52,5 @@ Changes since 1.4.10
 25) Make detectnets and routeback play nice together.
 
 26) Avoid superfluous --state NEW tests.
+
+27) Allow backrouting of 'routestopped' devices.

Shorewall2/firewall

@@ -1056,9 +1056,7 @@ stop_firewall() {
 	    iptables -A OUTPUT -o $interface -d $subnet -j ACCEPT
 
 	for host1 in $hosts; do
-	    [ "$host" != "$host1" ] && \
+	    iptables -A FORWARD -i $interface -s $subnet -o ${host1%:*} -d ${host1#*:} -j ACCEPT
-		iptables -A FORWARD -i $interface -s $subnet \
-		    -o ${host1%:*} -d ${host1#*:} -j ACCEPT
 	done
     done
 

Shorewall2/releasenotes.txt

@@ -15,10 +15,11 @@ Problems Corrected since 1.4.10
 4) The 'detectnets' and 'routeback' options may now be used together
    with the intended effect.
 
-Problems Corrected since Beta 3
+Problems Corrected since RC1
 
-1) The REJECT target now works correctly for TCP (sends an RST).
+1) After a "shorewall stop", traffic routed back to networks in
-   Previously, an ICMP reply was generated.
+   the /etc/shorewall/routestopped file is accepted. This is required
+   to allow traffic through a bridge while shorewall is stopped.
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0: