Finish wildcard port support

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3189 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -12,6 +12,8 @@ Changes in 3.0.4
 
 6)  Fix bug in RETAIN_ALIASES=Yes.
 
+7)  Wildcard port support.
+
 Changes in 3.0.3
 
 1) Implement "shorewall show macros"

Shorewall/firewall

@@ -939,10 +939,23 @@ known_interface() # $1 = interface name
     return 1
 }
 
+known_port() # $1 = port name
+{
+    local port
+
+    for port in $ALL_PORTS ; do
+	if if_match $port $1 ; then
+	    return 0
+	fi
+    done
+
+    return 1
+}
+
 match_source_dev()
 {
     if [ -n "$BRIDGING" ]; then
-	list_search $1 $ALL_PORTS && physdev_echo "--physdev-in $1" || echo -i $1
+	known_port $1 && physdev_echo "--physdev-in $1" || echo -i $1
     else
 	echo -i $1
     fi
@@ -951,7 +964,7 @@ match_source_dev()
 match_dest_dev()
 {
     if [ -n "$BRIDGING" ]; then
-	list_search $1 $ALL_PORTS && physdev_echo "--physdev-out $1" || echo -o $1
+	known_port $1 && physdev_echo "--physdev-out $1" || echo -o $1
     else
 	echo -o $1
     fi
@@ -959,7 +972,7 @@ match_dest_dev()
 
 verify_interface()
 {
-    known_interface $1 || { [ -n "$BRIDGING" ] && list_search $1 $ALL_PORTS ; }
+    known_interface $1 || { [ -n "$BRIDGING" ] && known_port $1 ; }
 }
 
 #

Shorewall/releasenotes.txt

@@ -79,6 +79,20 @@ New Features in 3.0.4
 2)  DISABLE_IPV6 no longer disabled local (loopback) IPV6 traffic. This
     change is reported to improve Java startup time on some distributions.
 
+3)  Shorewall now contains support for wildcard ports. In /etc/shorewall/hosts,
+    you may specify the port name with trailing "+" then use specific port names
+    in rules.
+
+    Example:
+
+    /etc/shorewall/hosts
+
+	vpn      br0:tap+
+
+    /etc/shorewall/hosts
+
+	DROP      vpn:tap0              vpn:tap1          udp    9999
+
 Migration Considerations for Users upgrading from Shorewall 2.x.
 
 1) The "monitor" command has been eliminated.