From 3fbfafb6e31cc1ea76ff647d2bea8aaee8409d1a Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 1 Sep 2012 18:13:49 -0700
Subject: [PATCH] Assign marks to according to GROUP zones
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Config.pm | 4 ++--
 Shorewall/Perl/Shorewall/Zones.pm | 18 ++++++++++++++----
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index f44eb3b11..23eb7d933 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -4578,9 +4578,9 @@ sub get_configuration( $$$ ) {
 $globals{PROVIDER_MASK} = make_mask( $config{PROVIDER_BITS} ) << $config{PROVIDER_OFFSET};
 if ( $config{ZONE_BITS} ) {
- $globals{ZONE_MASK} = make_mask( $config{ZONE_BITS} ) << $globals{ZONE_OFFSET};
+ $globals{ZONE_MASK} = $globals{ZONE_MASK1} = make_mask( $config{ZONE_BITS} ) << $globals{ZONE_OFFSET};
 } else {
- $globals{ZONE_MASK} = 0;
+ $globals{ZONE_MASK} = $globals{ZONE_MASK1} = 0;
 }
 if ( ( my $userbits = $config{PROVIDER_OFFSET} - $config{TC_BITS} ) > 0 ) {
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index dba285dd4..267192540 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
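Review bot: In the `get_configuration` hunk of Config.pm, `$globals{ZONE_MASK1}` is introduced with exactly the same value as `$globals{ZONE_MASK}` in both branches and with no comment, so a reader cannot tell what distinguishes the two masks. The Zones.pm hunk of this commit takes GROUP marks from the top of the zone field and ORs them into member zones' marks; if `ZONE_MASK1` is meant to cover only part of that field, nothing visible here narrows it, which is an inference worth confirming. I would add a comment above the assignment, for example `# ZONE_MASK1: second zone mask, initially identical to ZONE_MASK (TODO: state which rules use it and why)`. The body of `get_configuration` extends beyond the hunk.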
@@ -527,10 +527,20 @@ sub process_zone( \$ ) {
 $mark = 0;
 } else {
 unless ( $zoneref->{options}{in_out}{nomark} ) {
- fatal_error "Zone mark overflow - please increase the setting of ZONE_BITS" if $zonemark >= $zonemarklimit;
- $mark = $zonemark;
- $zonemark += $zonemarkincr;
- $zoneref->{complex} = 1;
+ if ( $type == GROUP ) {
+ $zonemarklimit >>= 1;
+ fatal_error "Zone mark overflow - please increase the setting of ZONE_BITS" if $zonemark >= $zonemarklimit;
+ $mark = $zonemarklimit;
+ } else {
+ fatal_error "Zone mark overflow - please increase the setting of ZONE_BITS" if $zonemark >= $zonemarklimit;
+ $mark = $zonemark;
+ $zonemark += $zonemarkincr;
+ $zoneref->{complex} = 1;
+
+ for ( @parents ) {
+ $mark |= $zones{$_}{mark} if $zones{$_}{type} == GROUP;
+ }
+ }
 }
 }
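Review bot: In the `GROUP` branch, `$zonemarklimit >>= 1` permanently shrinks the range for every zone processed afterwards, and the only guard is `$zonemark >= $zonemarklimit`. Whether that guard also stops the limit from shifting below the zone field depends on `$zonemark` never being smaller than `$zonemarkincr`, which this hunk does not show. Zone marks presumably decide which zone's rules a packet is matched against, so a mark that leaves the field risks misapplied policy. An explicit bound would be safer: `fatal_error "Zone mark overflow - please increase the setting of ZONE_BITS" if $zonemarklimit < $zonemarkincr || $zonemark >= $zonemarklimit;`. A short comment should also state that each GROUP zone takes the current top bit of the zone field and that member zones OR in their parents' group bits, and the loop would read better as `for my $parent ( @parents )`; `process_zone` starts and ends outside the hunk.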