Merge branch '4.5.7'

2012-08-28 11:46:04 -07:00 · 2012-08-28 11:46:04 -07:00 · 303dc65d13
commit 303dc65d13
parent 40b21560d8 d838cf41bf
3 changed files with 41 additions and 16 deletions
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -384,10 +384,16 @@ sub process_tc_rule( ) {
 		       TTL => sub() {
 			                  fatal_error "TTL is not supported in IPv6 - use HL instead" if $family == F_IPV6;
 					  fatal_error "Invalid TTL specification( $cmd/$rest )" if $rest;
-					  fatal_error "Chain designator $designator not allowed with TTL" if $designator && ! ( $designator eq 'F' );
-
 					  $chain = 'tcfor';

+					  if ( $designator ) {
+					      if ( $designator eq 'P' ) {
+						  $chain = 'tcpre';
+					      } else {
+						  fatal_error "Chain designator $designator not allowed with TTL" if $designator ne 'F';
+					      }
+					  }
+
 					  $cmd =~ /^TTL\(([-+]?\d+)\)$/;

 					  my $param =  $1;
@ -405,10 +411,17 @@ sub process_tc_rule( ) {
 		       HL => sub() {
 			                  fatal_error "HL is not supported in IPv4 - use TTL instead" if $family == F_IPV4;
 					  fatal_error "Invalid HL specification( $cmd/$rest )" if $rest;
-					  fatal_error "Chain designator $designator not allowed with HL" if $designator && ! ( $designator eq 'F' );
-
 					  $chain = 'tcfor';

+
+					  if ( $designator ) {
+					      if ( $designator eq 'P' ) {
+						  $chain = 'tcpre';
+					      } else {
+						  fatal_error "Chain designator $designator not allowed with HL" if $designator ne 'F';
+					      }
+					  }
+
 					  $cmd =~ /^HL\(([-+]?\d+)\)$/;

 					  my $param =  $1;
--- a/Shorewall/manpages/shorewall-tcrules.xml
+++ b/Shorewall/manpages/shorewall-tcrules.xml
@ -515,11 +515,17 @@ SAME              $FW            0.0.0.0/0    tcp        80,443</programlisting>
              role="bold">-</emphasis>|<emphasis
              role="bold">+</emphasis>]<replaceable>number</replaceable>)</para>

-              <para>Added in Shorewall 4.4.24. May be option followed by
+              <para>Added in Shorewall 4.4.24. </para>
+
+              <para>Prior to Shorewall 4.5.7.2, may be optionally followed by
              <emphasis role="bold">:F</emphasis> but the resulting rule is
-              always added to the FORWARD chain. If <emphasis
-              role="bold">+</emphasis> is included, packets matching the rule
-              will have their TTL incremented by
+              always added to the FORWARD chain. Beginning with Shorewall
+              4.5.7.s, it may be optionally followed by <emphasis
+              role="bold">:P</emphasis>, in which case the rule is added to
+              the PREROUTING chain.</para>
+
+              <para>If <emphasis role="bold">+</emphasis> is included, packets
+              matching the rule will have their TTL incremented by
              <replaceable>number</replaceable>. Similarly, if <emphasis
              role="bold">-</emphasis> is included, matching packets have
              their TTL decremented by <replaceable>number</replaceable>. If
--- a/Shorewall6/manpages/shorewall6-tcrules.xml
+++ b/Shorewall6/manpages/shorewall6-tcrules.xml
@ -411,15 +411,21 @@ SAME              $FW            0.0.0.0/0    tcp        80,443</programlisting>
              role="bold">-</emphasis>|<emphasis
              role="bold">+</emphasis>]<replaceable>number</replaceable>)</para>

-              <para>Added in Shorewall 4.4.24. May be option followed by
+              <para>Added in Shorewall 4.4.24.</para>
+
+              <para>Prior to Shorewall 4.5.7.2, may be optionally followed by
              <emphasis role="bold">:F</emphasis> but the resulting rule is
-              always added to the FORWARD chain. If <emphasis
-              role="bold">+</emphasis> is included, packets matching the rule
-              will have their HL (hop limit) incremented by
-              <replaceable>number</replaceable>. Similarly, if <emphasis
-              role="bold">-</emphasis> is included, matching packets have
-              their HL decremented by <replaceable>number</replaceable>. If
-              neither <emphasis role="bold">+</emphasis> nor <emphasis
+              always added to the FORWARD chain. Beginning with Shorewall
+              4.5.7.s, it may be optionally followed by <emphasis
+              role="bold">:P</emphasis>, in which case the rule is added to
+              the PREROUTING chain.</para>
+
+              <para> If <emphasis role="bold">+</emphasis> is included,
+              packets matching the rule will have their HL (hop limit)
+              incremented by <replaceable>number</replaceable>. Similarly, if
+              <emphasis role="bold">-</emphasis> is included, matching packets
+              have their HL decremented by <replaceable>number</replaceable>.
+              If neither <emphasis role="bold">+</emphasis> nor <emphasis
              role="bold">-</emphasis> is given, the HL of matching packets is
              set to <replaceable>number</replaceable>. The valid range of
              values for <replaceable>number</replaceable> is 1-255.</para>