Fix QUEUE in the ESTABLISHED section

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3399 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -33,3 +33,7 @@ Changes in 3.1.x.
 
 16) Apply Tuomo's patches for IPSEC and Noecho.
 
+17) Fix bridging
+
+18) Fix QUEUE when used in the ESTABLISHED section.
+

Shorewall/compiler

@@ -5149,13 +5149,13 @@ process_rule() # $1 = target
 	case $proto in
 	    tcp|TCP|6)
 		do_ports
-		[ "$target" = QUEUE ] && proto="$proto --syn"
+		[ "$target" = QUEUE -a $SECTION != ESTABLISHED ] && proto="$proto --syn"
 		;;
 	    udp|UDP|17)
 		do_ports
 		;;
 	    icmp|ICMP|1)
-		[ -n "$port" ]  && 	dports="--icmp-type $port"
+		[ -n "$port" ] && dports="--icmp-type $port"
 		;;
 	    all|ALL)
 		[ -n "$port" ] && \

Shorewall/releasenotes.txt

@@ -29,9 +29,16 @@ Note to users upgrading from Shorewall 2.x or 3.0
 
 Problems Corrected in 3.1.4
 
-1) "shorewall check" generates an error if there are entries in
+1) "shorewall check" generated an error if there were entries in
    /etc/shorewall/massq.
 
+2) Bridging now works.
+
+3) The handling of the QUEUE target in the ESTABLISHED section has been
+   corrected. Previously, the "--syn" option was being added unconditionally
+   to rules with the QUEUE target with the result that no TCP packets in the
+   ESTABLISHED state would be sent to QUEUE.
+
 New Features added in 3.1.4
 
 1) The /etc/shorewall/maclist file has a new column layout. The first column