Correct netmask generation in tcfilters

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9850 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/Perl/Shorewall/IPAddrs.pm

@@ -121,7 +121,7 @@ INIT {
 sub vlsm_to_mask( $ ) {
     my $vlsm = $_[0];
 
-    in_hex8 ( ( 0xFFFFFFFF << ( 32 - $vlsm ) ) && 0xFFFFFFFF );
+    in_hex8 ( ( 0xFFFFFFFF << ( 32 - $vlsm ) ) & 0xFFFFFFFF );
 }
 
 sub valid_4address( $ ) {

Shorewall/changelog.txt

@@ -2,6 +2,8 @@ Changes in Shorewall 4.3.9
 
 1) Logging rules now create separate chain.
 
+2) Fix netmask genereation in tcfilters.
+
 Changes in Shorewall 4.3.8
 
 1) Apply Tuomo Soini's patch for USE_DEFAULT_RT.

Shorewall/releasenotes.txt

@@ -60,6 +60,10 @@ released late in 2009.
 1)  If an interface name was specified in a PREROUTING rule (tcrules or
     notrack) then an invalid iptables rule would be generated.
 
+2)  When a network address appeared in the SOURCE or DEST column of
+    /etc/shorewall/tcfilters, an incorrect netmask was being generated in
+    the resulting 'tc' rule.
+
 ----------------------------------------------------------------------------
              K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------