diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index fcaa0a145..0472f07f8 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm @@ -476,7 +476,6 @@ sub setup_mss(); sub add_common_rules() { my $interface; my $chainref; - my $chainref1; my $target; my $target1; my $rule; @@ -547,9 +546,9 @@ sub add_common_rules() { $chainref = $filter_table->{forward_chain $interface}; if ( @filters ) { - add_jump( $chainref , $target1, 0, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters; + add_jump( $chainref , $target1, ! $ipsec, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters; } elsif ( $interfaceref->{bridge} eq $interface ) { - add_jump( $chainref , $target1, 0, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter}; + add_jump( $chainref , $target1, ! $ipsec, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter}; } add_rule( $chainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" ), $chainref->{filtered}++ if $config{FASTACCEPT}; diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt index 93f60308d..c813a9990 100644 --- a/Shorewall/known_problems.txt +++ b/Shorewall/known_problems.txt @@ -1,4 +1,2 @@ 1) On systems running Upstart, shorewall-init cannot reliably secure the firewall before interfaces are brought up. - - diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index e719fe47b..ef8292355 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -267,6 +267,10 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S P R O B L E M S C O R R E C T E D I N 4 . 4 . 2 0 ---------------------------------------------------------------------------- +6) The following incorrect warning message has been eliminated: + + WARNING: sfilter is ineffective with FASTACCEPT=Yes + 4.4.20.1 1) The address of the Free Software Foundation has been corrected in